CVE-2019-1003006
The CVE-2019-1003006 entry describes a sandbox-bypass in Jenkins Groovy Plugin 2.0 and earlier, caused by src/main/java/hudson/plugins/groovy/StringScriptSource.java. Attackers with Overall/Read permission could submit a Groovy script via an HTTP endpoint, leading to arbitrary code execution on t...