A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.62 and earlier related to the handling of property names in property expressions on the left-hand side of assignment expressions allowed attackers to execute arbitrary code in sandboxed scripts. Reference: http://www.openwall.com/lists/oss-security/2019/09/12/2
Created jenkins-script-security-plugin tracking bugs for this issue: Affects: fedora-30 [bug 1819693]
Fixed in OpenShift Container Platform 3.11 in the below advisory: https://access.redhat.com/errata/RHSA-2019:4055
External References: https://jenkins.io/security/advisory/2019-09-12/#SECURITY-1538
Fixed in OpenShift Container Platform 4.2 in the below advisory: https://access.redhat.com/errata/RHSA-2019:4097
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2019-10394