Critical severityNVD Advisory· Published Sep 23, 2020· Updated Aug 4, 2024
CVE-2020-2279
CVE-2020-2279
Description
A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.74 and earlier allows attackers with permission to define sandboxed scripts to provide crafted return values or script binding content that can result in arbitrary code execution on the Jenkins controller JVM.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
org.jenkins-ci.plugins:script-securityMaven | >= 1.67, < 1.75 | 1.75 |
org.jenkins-ci.plugins:script-securityMaven | < 1.66.5 | 1.66.5 |
Affected products
2- Range: unspecified
Patches
Vulnerability mechanics
References
6- github.com/advisories/GHSA-ccr8-4xr7-cgj3ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2020-2279ghsaADVISORY
- www.openwall.com/lists/oss-security/2020/09/23/1ghsamailing-listx_refsource_MLISTWEB
- github.com/CVEProject/cvelist/blob/16860a328d970faa6e4350b0fa446f64a52e52ca/2020/2xxx/CVE-2020-2279.jsonghsaWEB
- github.com/jenkinsci/script-security-plugin/commit/79d1e9207c5c359ca779b92f0a290e18c5e2387bghsaWEB
- www.jenkins.io/security/advisory/2020-09-23/ghsax_refsource_CONFIRMWEB
News mentions
1- Jenkins Security Advisory 2020-09-23Jenkins Security Advisories · Sep 23, 2020