CVE-2020-2110 – org.jenkins-ci.plugins:script-security
Package
Manager: maven
Name: org.jenkins-ci.plugins:script-security
Vulnerable Version: >=0 <1.70
Severity
Level: High
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
EPSS: 0.01291 (percentile: 0.78898)
Details
Improper Input Validation in Jenkins Script Security Plugin
Sandbox protection in Jenkins Script Security Plugin 1.69 and earlier could be circumvented during the script compilation phase by applying AST transforming annotations to imports or by using them inside of other annotations.
Metadata
Created: 2022-05-24T17:08:45Z
Modified: 2022-06-24T00:59:37Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-qvmf-36h5-3f5v/GHSA-qvmf-36h5-3f5v.json
CWE IDs: ["CWE-20"]
Alternative ID: GHSA-qvmf-36h5-3f5v
Finding: F184
Auto approve: 1