CVE-2020-2109
Published: 2020-02-12
Severity: High (8.8, CVSS 3.1)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Sandbox protection in Jenkins Pipeline: Groovy Plugin 2.78 and earlier can be circumvented through default parameter expressions in CPS-transformed methods.
Affected
24 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| jenkins | applatix_plugin | — | — |
| jenkins | bmc_release_package_and_deployment_plugin | — | — |
| jenkins | digitalocean_plugin | — | — |
| jenkins | dynamic_extended_choice_parameter_plugin | — | — |
| jenkins | eagle_tester_plugin | — | — |
| jenkins | ecx_copy_data_management_plugin | — | — |
| jenkins | fitnesse_plugin | — | — |
| jenkins | git_parameter_plugin | — | — |
| jenkins | google_kubernetes_engine_plugin | — | — |
| jenkins | groovy_plugin | — | — |
| jenkins | harvest_scm_plugin | — | — |
| jenkins | ids_in_pipeline_github_notify_step_plugin | — | — |
| jenkins | ids_to_allow_users_configuring_the_plugin | — | — |
| jenkins | nunit_plugin | — | — |
| jenkins | parasoft_environment_manager_plugin | — | — |
| jenkins | pipeline | <= 2.78 | — |
| jenkins | pipeline_github_notify_step_plugin | — | — |
| jenkins | radargun_plugin | — | — |
| jenkins | s3_publisher_plugin | — | — |
| jenkins | sandbox_protection_in_script_security_plugin | — | — |
| jenkins | script_security_plugin | — | — |
| jenkins | subversion_plugin | — | — |
| jenkins | yaml_input_files_to_google_kubernetes_engine_plugin | — | — |
| jenkins_project | jenkins_pipeline_groovy_plugin | unspecified – 2.78 | — |