The Jenkins Pipeline: Groovy sandbox protection could be circumvented during parsing, compilation, and script instantiation by providing a crafted Groovy script. This allowed users able to control the contents of a pipeline to bypass the sandbox protection and execute arbitrary code on the Jenkins master. Pipeline: Groovy Plugin now uses Script Security APIs that apply sandbox protection during these phases. External Reference: https://jenkins.io/security/advisory/2019-03-06/#SECURITY-1336%20(2)
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 3.11 Via RHSA-2019:0739 https://access.redhat.com/errata/RHSA-2019:0739