CVE-2019-10394 jenkins-script-security-plugin: handling of property names in property expressions on the left-hand side of assignment expression leads to execute arbitrary code in sandboxed scripts
DescriptionDhananjay Arunesh
2020-04-01 10:38:55 UTC
A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.62 and earlier related to the handling of property names in property expressions on the left-hand side of assignment expressions allowed attackers to execute arbitrary code in sandboxed scripts.
Reference:
http://www.openwall.com/lists/oss-security/2019/09/12/2
Comment 1Dhananjay Arunesh
2020-04-01 10:39:28 UTC
Created jenkins-script-security-plugin tracking bugs for this issue:
Affects: fedora-30 [bug 1819693]