The Jenkins Job DSL Plugin supports sandboxed Groovy expressions for Job DSL definitions. Its sandbox protection could be circumvented during parsing, compilation, and script instantiation by providing a crafted Groovy script. This allowed users able to control the Job DSL scripts to bypass the sandbox protection and execute arbitrary code on the Jenkins master. Job DSL Plugin now uses Script Security APIs that apply sandbox protection during these phases.

External Reference: https://jenkins.io/security/advisory/2019-03-06/#SECURITY-1342

This issue has been addressed in the following products:

Red Hat OpenShift Container Platform 3.11

Via RHSA-2019:0739 https://access.redhat.com/errata/RHSA-2019:0739