CVE-2020-2279

CWE-6935 documents5 sources

Severity

9.9CRITICAL

EPSS

0.3%

top 48.01%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Jenkins Project Jenkins Script Security Plugin Jenkins Script Security

Timeline

PublishedSep 23

Latest updateMay 24

Description

A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.74 and earlier allows attackers with permission to define sandboxed scripts to provide crafted return values or script binding content that can result in arbitrary code execution on the Jenkins controller JVM.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:HExploitability: 3.1 | Impact: 6.0

Affected Packages3 packages

▶CVEListV5jenkins_project/jenkins_script_security_pluginunspecified — 1.74

▶Mavenorg.jenkins-ci.plugins:script-security1.67 — 1.75+1

▶NVDjenkins/script_security1.74

🔴Vulnerability Details

OSV

Sandbox bypass vulnerability in Jenkins Script Security Plugin↗2022-05-24

▶

GHSA

Sandbox bypass vulnerability in Jenkins Script Security Plugin↗2022-05-24

▶

CVEList

CVE-2020-2279: A sandbox bypass vulnerability in Jenkins Script Security Plugin 1↗2020-09-23

▶

📋Vendor Advisories

Jenkins

Jenkins Security Advisory 2020-09-23↗2020-09-23

▶