CVE-2019-1003029

Name of the Vulnerable Software and Affected Versions Jenkins Script Security Plugin versions 1.53 and earlier

Description A sandbox bypass vulnerability exists in the Jenkins Script Security Plugin that allows attackers with Overall/Read permission to execute arbitrary code on the Jenkins master JVM. The issue is related to errors in handling input data during code syntax analysis in the GroovySandbox.java and SecureGroovyScript.java components. This vulnerability can be exploited by a remote attacker to escape the isolated software environment and execute arbitrary code.

Recommendations For Jenkins Script Security Plugin versions 1.53 and earlier, update to a version later than 1.53 to resolve the issue. As a temporary workaround, consider restricting access to the GroovySandbox.java and SecureGroovyScript.java components to minimize the risk of exploitation.