Lucene search

K
veracodeVeracode Vulnerability DatabaseVERACODE:20199
HistoryMay 16, 2019 - 3:58 a.m.

Sandbox Protection Bypass

2019-05-1603:58:57
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
5

0.005 Low

EPSS

Percentile

77.3%

Jenkins Script Security Plugin is vulnerable to sandbox protection bypass attacks. This exists in the RejectASTTransformsCustomizer.java which allows attackers with Overall/Read permission to provide a Groovy script to an HTTP endpoint that could result in arbitrary code execution on the Jenkins master JVM.

0.005 Low

EPSS

Percentile

77.3%