CVE-2020-2110

CWE-20 — Improper Input Validation8 documents7 sources

Severity

8.8HIGH

EPSS

1.3%

top 20.33%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Jenkins Project Jenkins Script Security Plugin Jenkins Script Security

Timeline

PublishedFeb 12

Latest updateMay 24

Description

Sandbox protection in Jenkins Script Security Plugin 1.69 and earlier could be circumvented during the script compilation phase by applying AST transforming annotations to imports or by using them inside of other annotations.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages3 packages

▶Mavenorg.jenkins-ci.plugins:script-security< 1.70

▶CVEListV5jenkins_project/jenkins_script_security_pluginunspecified — 1.69

▶NVDjenkins/script_security1.69

🔴Vulnerability Details

OSV

Improper Input Validation in Jenkins Script Security Plugin↗2022-05-24

▶

GHSA

Improper Input Validation in Jenkins Script Security Plugin↗2022-05-24

▶

CVEList

CVE-2020-2110: Sandbox protection in Jenkins Script Security Plugin 1↗2020-02-12

▶

📋Vendor Advisories

Red Hat

jenkins-script-security-plugin: sandbox protection bypass during script compilation phase by applying AST transforming annotations↗2020-03-09

▶

Jenkins

Jenkins Security Advisory 2020-02-12↗2020-02-12

▶

💬Community

Bugzilla

CVE-2020-2110 jenkins-script-security-plugin: sandbox protection bypass during script compilation phase by applying AST transforming annotations↗2020-03-31

▶

Bugzilla

CVE-2020-2110 jenkins-script-security-plugin: sandbox protection bypass during script compilation phase by applying AST transforming annotations [fedora-30]↗2020-03-31

▶