A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.62 and earlier related to the handling of method names in method call expressions allowed attackers to execute arbitrary code in sandboxed scripts. Reference: http://www.openwall.com/lists/oss-security/2019/09/12/2
Created jenkins-script-security-plugin tracking bugs for this issue: Affects: fedora-30 [bug 1819699]
External References: https://jenkins.io/security/advisory/2019-09-12/#SECURITY-1538
Fixed in OpenShift Container Platform 3.11 in the below advisory: https://access.redhat.com/errata/RHSA-2019:4055
Fixed in OpenShift Container Platform 4.2 in the below advisory: https://access.redhat.com/errata/RHSA-2019:4097
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2019-10393