CVE-2020-2279
published 2020-09-23

CVE-2020-2279: A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.74 and earlier allows attackers with permission to define sandboxed scripts to provide…

Severity: critical, 9.9 (CVSS 3.1)
Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.74 and earlier allows attackers with permission to define sandboxed scripts to provide crafted return values or script binding content that can result in arbitrary code execution on the Jenkins controller JVM.

Affected

10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| jenkins | email_extension_plugin | | |
| jenkins | implied_labels_plugin | | |
| jenkins | liquibase_changesets_evaluated_by_the_plugin | | |
| jenkins | liquibase_runner_plugin | | |
| jenkins | lockable_resources_plugin | | |
| jenkins | script_security | <= 1.74 | |
| jenkins | script_security_plugin | | |
| jenkins | warnings_next_generation_plugin | | |
| jenkins | warnings_plugin | | |
| jenkins_project | jenkins_script_security_plugin | unspecified – 1.74 | |