A sandbox bypass vulnerability in Jenkins Pipeline: Deprecated Groovy Libraries Plugin 583.vf3b_454e43966 and earlier allows attackers with permission to define untrusted Pipeline libraries and to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM. https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2824%20(2)
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.10 Via RHSA-2023:0560 https://access.redhat.com/errata/RHSA-2023:0560
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.9 Via RHSA-2023:0777 https://access.redhat.com/errata/RHSA-2023:0777
This issue has been addressed in the following products: OpenShift Developer Tools and Services for OCP 4.12 Via RHSA-2023:1064 https://access.redhat.com/errata/RHSA-2023:1064
This issue has been addressed in the following products: OpenShift Developer Tools and Services for OCP 4.11 Via RHSA-2023:3198 https://access.redhat.com/errata/RHSA-2023:3198
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2022-43406