CVE-2018-1000865

Name of the Vulnerable Software and Affected Versions: Script Security Plugin versions 1.47 and earlier

Description: A sandbox bypass issue exists that allows attackers with Job/Configure permission to execute arbitrary code on the Jenkins master JVM, if plugins using the Groovy sandbox are installed. This is related to the SandboxTransformer.java file in groovy-sandbox/src/main/java/org/kohsuke/groovy/sandbox/.

Recommendations: For Script Security Plugin versions 1.47 and earlier, consider updating to a version that contains a fix for this issue, as no specific workaround is provided for these versions. As a temporary mitigation measure, restrict access to plugins that utilize the Groovy sandbox to minimize the risk of exploitation.