CVE-2020-2135: Sandbox protection in Jenkins Script Security Plugin 1.70 and earlier could be circumvented through crafted method calls on objects that implement…

high8.8CVSS 3.1

AVNACLPRLUINSUCHIHAH

Sandbox protection in Jenkins Script Security Plugin 1.70 and earlier could be circumvented through crafted method calls on objects that implement GroovyInterceptable.

Affected

27 ranges· showing 25

Vendor	Product	Version range	Fixed in
jenkins	audit_trail_plugin	—	—
jenkins	backlog_plugin	—	—
jenkins	cobertura_plugin	—	—
jenkins	credentials_plugin	—	—
jenkins	cryptomove_plugin	—	—
jenkins	deployhub_plugin	—	—
jenkins	git_plugin	—	—
jenkins	literate_plugin	—	—
jenkins	logstash_plugin	—	—
jenkins	mac_cloud_host_launched_by_the_plugin	—	—
jenkins	mac_plugin	—	—
jenkins	openshift_deployer_plugin	—	—
jenkins	p4_plugin	—	—
jenkins	quality_gates_plugin	—	—
jenkins	repository_connector_plugin	—	—
jenkins	rundeck_plugin	—	—
jenkins	sandbox_protection_in_script_security_plugin	—	—
jenkins	script_security	<= 1.70	—
jenkins	script_security_plugin	—	—
jenkins	skytap_cloud_ci_plugin	—	—
jenkins	sonar_quality_gates_plugin	—	—
jenkins	subversion_release_manager_plugin	—	—
jenkins	timestamper_plugin	—	—
jenkins	yaml_input_files_to_literate_plugin	—	—
jenkins	zephyr_enterprise_test_management_plugin	—	—