Georgy Noseevich

Name of the Vulnerable Software and Affected Versions: Jenkins Email Extension Plugin versions 2.64 and earlier Description: A sandbox bypass issue exists that allows attackers with Job/Configure permission to execute arbitrary code on the Jenkins master JVM. The issue is related to files such as `pom.xml`, `ExtendedEmailPublisher.java`, `EmailExtScript.java`, `ScriptContent.java`, and `AbstractScriptTrigger.java`. Recommendations: For Jenkins Email Extension Plugin versions 2.64 and earlier, update to a version later than 2.64 to resolve the issue. As a temporary workaround, consider restricting Job/Configure permissions to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: Jenkins Groovy Plugin versions 2.1 and earlier Description: A sandbox bypass issue exists that allows attackers with Overall/Read permission to execute arbitrary code on the Jenkins master JVM. The issue is related to the `src/main/java/hudson/plugins/groovy/StringScriptSource.java` file. Recommendations: For Jenkins Groovy Plugin versions 2.1 and earlier, update to version 2.2 or later, which uses Script Security APIs to apply sandbox protection. As a temporary workaround, consider restricting access to the Jenkins master JVM to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Jenkins Pipeline: Groovy Plugin versions 2.63 and earlier **Description** A sandbox bypass issue exists that allows attackers who can control pipeline scripts to execute arbitrary code on the Jenkins master JVM. The vulnerability is related to errors in handling input data during code syntax analysis in components such as pom.xml and CpsGroovyShell.java. This could enable a remote attacker to bypass sandbox restrictions and execute arbitrary code. **Recommendations** For Jenkins Pipeline: Groovy Plugin versions 2.63 and earlier, update to a version later than 2.63 to resolve the issue. As a temporary workaround, consider restricting access to the Jenkins master JVM to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Jenkins Script Security Plugin versions 1.53 and earlier **Description** A sandbox bypass vulnerability exists in the Jenkins Script Security Plugin that allows attackers with Overall/Read permission to execute arbitrary code on the Jenkins master JVM. The issue is related to errors in handling input data during code syntax analysis in the GroovySandbox.java and SecureGroovyScript.java components. This vulnerability can be exploited by a remote attacker to escape the isolated software environment and execute arbitrary code. **Recommendations** For Jenkins Script Security Plugin versions 1.53 and earlier, update to a version later than 1.53 to resolve the issue. As a temporary workaround, consider restricting access to the GroovySandbox.java and SecureGroovyScript.java components to minimize the risk of exploitation.