Description
A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.61 and earlier related to the handling of type casts allowed attackers to execute arbitrary code in sandboxed scripts.
Affected products
- Jenkins Project / Jenkins Script Security Plugin1.61 and earlier – 1.61 and earlier
References
- MAILING_LISThttp://www.openwall.com/lists/oss-security/2019/07/31/1
- VENDOR_ADVISORYhttps://access.redhat.com/errata/RHSA-2019:2651
- VENDOR_ADVISORYhttps://access.redhat.com/errata/RHSA-2019:2594
- VENDOR_ADVISORYhttps://access.redhat.com/errata/RHSA-2019:2662
- MISChttps://jenkins.io/security/advisory/2019-07-31/#SECURITY-1465%20%281%29