Protection Mechanism Failure
CVE-2020-2279
Summary
A sandbox bypass vulnerability in Jenkins Script Security Plugin versions prior to 1.75 allows attackers with permission to define sandboxed scripts to provide crafted return values or script binding content that can result in arbitrary code execution on the Jenkins controller JVM. This issue affects org.kohsuke:groovy-sandbox versions prior to 1.27.
- LOW
- NETWORK
- HIGH
- CHANGED
- NONE
- LOW
- HIGH
- HIGH
CWE-693 - Protection Mechanism Failure
The product does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product.
References
Advisory Timeline
- Published
