GHSA-V63G-V339-2673 Jenkins Script Security Plugin has sandbox bypass vulnerability involving crafted constructor bodies

Jenkins Script Security Plugin provides a sandbox feature that allows low privileged users to define scripts, including Pipelines, that are generally safe to execute. Calls to code defined inside a sandboxed script are intercepted, and various allowlists are checked to determine whether the call ...

Jenkins Script Security Plugin has sandbox bypass vulnerability involving crafted constructor bodies

Jenkins Script Security Plugin provides a sandbox feature that allows low privileged users to define scripts, including Pipelines, that are generally safe to execute. Calls to code defined inside a sandboxed script are intercepted, and various allowlists are checked to determine whether the call ...

PT-2022-26886 · Jenkins · Jenkins Pipeline: Groovy Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Pipeline: Groovy Plugin versions 2802.v5ea 628154b c2 and earlier Description: A sandbox bypass issue involves implicit casts by the Groovy language runtime, allowing attackers with permission to define and run sandboxed scripts to...