CVE-2020-2135

CWE-863Incorrect AuthorizationCWE-693CWE-94Code InjectionCWE-787Out-of-bounds Write9 documents7 sources
Severity
8.8HIGH
EPSS
0.2%
top 59.98%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Jenkins Project Jenkins Script Security PluginJenkins Script Security
Timeline
PublishedMar 9
Latest updateJun 20

Description

Sandbox protection in Jenkins Script Security Plugin 1.70 and earlier could be circumvented through crafted method calls on objects that implement GroovyInterceptable.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages3 packages

CVEListV5jenkins_project/jenkins_script_security_pluginunspecified1.70

🔴Vulnerability Details

3
GHSA
Sandbox bypass vulnerability in Script Security Plugin2022-05-24
OSV
Sandbox bypass vulnerability in Script Security Plugin2022-05-24
CVEList
CVE-2020-2135: Sandbox protection in Jenkins Script Security Plugin 12020-03-09

📋Vendor Advisories

3
Red Hat
vim: buffer overflow2023-06-20
Jenkins
Jenkins Security Advisory 2020-03-092020-03-09
Red Hat
jenkins-script-security-plugin: sandbox protection bypass leads to arbitrary code execution2020-03-09

💬Community

2
Bugzilla
CVE-2020-2135 jenkins-script-security-plugin: sandbox protection bypass leads to arbitrary code execution2020-03-31
Bugzilla
CVE-2020-2135 jenkins-script-security-plugin: sandbox protection bypass leads to arbitrary code execution [fedora-30]2020-03-31
CVE-2020-2135 (HIGH CVSS 8.8) | Sandbox protection in Jenkins Scrip | cvebase.io