CVE-2020-2279

Summary

A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.74 and earlier allows attackers with permission to define sandboxed scripts to provide crafted return values or script binding content that can result in arbitrary code execution on the Jenkins controller JVM.

Affected Software

VendorProductVersion RangeStatus
Jenkins projectJenkins Script Security Pluginunspecified <= 1.74affected
Jenkins projectJenkins Script Security Plugin1.66.5unaffected

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

References