GHSA-qvmf-36h5-3f5v

Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-qvmf-36h5-3f5v/GHSA-qvmf-36h5-3f5v.json
Aliases
  • CVE-2020-2110
Published
2022-05-24T17:08:45Z
Modified
2022-06-24T01:33:40.853544Z
Details

Sandbox protection in Jenkins Script Security Plugin 1.69 and earlier could be circumvented during the script compilation phase by applying AST transforming annotations to imports or by using them inside of other annotations.

References

Affected packages

Maven / org.jenkins-ci.plugins:script-security

org.jenkins-ci.plugins:script-security

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0
Fixed
1.70

Affected versions

1.*

1.0
1.0-beta-1
1.0-beta-2
1.0-beta-3
1.0-beta-4
1.0-beta-5
1.0-beta-6
1.1
1.10
1.11
1.12
1.13
1.14
1.15
1.16
1.17
1.18
1.18.1
1.19
1.2
1.20
1.21
1.22
1.23
1.24
1.25
1.26
1.27
1.28
1.29
1.29.1
1.3
1.30
1.31
1.33
1.34
1.35
1.36
1.37
1.38
1.39
1.4
1.40
1.41
1.42
1.43
1.44
1.44.1
1.45
1.46
1.46.1
1.47
1.48
1.49
1.5
1.50
1.51
1.52
1.53
1.54
1.54.1
1.54.2
1.54.3
1.54.4
1.55
1.56
1.57
1.57.1
1.57.2
1.57.3
1.57.4
1.57.5
1.57.6
1.58
1.59
1.6
1.60
1.60.1
1.61
1.62
1.63
1.63.1
1.64
1.65
1.66
1.66.1
1.66.2
1.66.3
1.66.4
1.66.5
1.67
1.68
1.69
1.7
1.8
1.9

Database specific

{
    "last_known_affected_version_range": "<= 1.69"
}