CVE-2020-2134

CWE-863Incorrect AuthorizationCWE-6938 documents7 sources
Severity
8.8HIGH
EPSS
0.2%
top 59.98%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Jenkins Project Jenkins Script Security PluginJenkins Script Security
Timeline
PublishedMar 9
Latest updateMay 24

Description

Sandbox protection in Jenkins Script Security Plugin 1.70 and earlier could be circumvented through crafted constructor calls and crafted constructor bodies.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages3 packages

CVEListV5jenkins_project/jenkins_script_security_pluginunspecified1.70

🔴Vulnerability Details

3
GHSA
Sandbox bypass vulnerability in Script Security Plugin2022-05-24
OSV
Sandbox bypass vulnerability in Script Security Plugin2022-05-24
CVEList
CVE-2020-2134: Sandbox protection in Jenkins Script Security Plugin 12020-03-09

📋Vendor Advisories

2
Red Hat
jenkins-script-security-plugin: sandbox protection bypass via crafted constructor calls and crafted constructor bodies2020-03-09
Jenkins
Jenkins Security Advisory 2020-03-092020-03-09

💬Community

2
Bugzilla
CVE-2020-2134 jenkins-script-security-plugin: sandbox protection bypass via crafted constructor calls and crafted constructor bodies [fedora-30]2020-03-31
Bugzilla
CVE-2020-2134 jenkins-script-security-plugin: sandbox protection bypass via crafted constructor calls and crafted constructor bodies2020-03-31
CVE-2020-2134 (HIGH CVSS 8.8) | Sandbox protection in Jenkins Scrip | cvebase.io