CVE-2020-2279

Опубликовано: 23 сент. 2020

Источник: nvd

CVSS3: 9.9

CVSS2: 6.5

EPSS Низкий

Описание

A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.74 and earlier allows attackers with permission to define sandboxed scripts to provide crafted return values or script binding content that can result in arbitrary code execution on the Jenkins controller JVM.

Ссылки

http://www.openwall.com/lists/oss-security/2020/09/23/1
Third Party Advisory
https://www.jenkins.io/security/advisory/2020-09-23/#SECURITY-2020
Vendor Advisory
http://www.openwall.com/lists/oss-security/2020/09/23/1
Third Party Advisory
https://www.jenkins.io/security/advisory/2020-09-23/#SECURITY-2020
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:jenkins:script_security:*:*:*:*:*:jenkins:*:*

Версия до 1.74 (включая)

EPSS

Процентиль: 52%

0.00285

Низкий

9.9 Critical

CVSS3

6.5 Medium

CVSS2

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

GHSA-ccr8-4xr7-cgj3