Aleksandr Kazakov

Name of the Vulnerable Software and Affected Versions: Jenkins Pipeline: Supporting APIs Plugin versions 2.17 and earlier Description: The issue is related to incomplete sandbox protection, allowing arbitrary code execution. Methods like `readResolve` implemented in Pipeline scripts, related to Java deserialization, were not subject to sandbox protection and could execute arbitrary code. This could be exploited by regular Jenkins users with the permission to configure Pipelines in Jenkins, or by trusted committers to repositories containing Jenkinsfiles. Recommendations: For Jenkins Pipeline: Supporting APIs Plugin versions 2.17 and earlier, update to a version later than 2.17 to resolve the issue. As a temporary workaround, consider restricting the permission to configure Pipelines in Jenkins to minimize the risk of exploitation.