CVE-2020-2279

A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.74 and earlier allows attackers with permission to define sandboxed scripts to provide crafted return values or script binding content that can result in arbitrary code execution on the Jenkins controller JVM.

Published: Sep 23, 2020
Updated: May 9, 2024
CVE: CVE-2020-2279
GHSA: GHSA-ccr8-4xr7-cgj3
Severity: Critical
Exploit:

CVSS v3:

Severity: Critical
Score: 9.9
AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

CVSS v2:

Severity: Medium
Score: 6.5
AV:N/AC:L/Au:S/C:P/I:P/A:P

CWEs:

CWE-693

Affected Software
References

Software	From	Fixed in
jenkins / script_security	-	1.74.x
org.jenkins-ci.plugins / script-security	-	1.75

http://www.openwall.com/lists/oss-security/2020/09/23/1
https://www.jenkins.io/security/advisory/2020-09-23/#SECURITY-2020

Vulnerability Database

289,599

CVE-2020-2279