[java-sig-commits] [Bug 1819078] New: CVE-2020-2135 jenkins-2-plugins: sandbox protection bypass leads to arbitrary code execution

https://bugzilla.redhat.com/show_bug.cgi?id=1819078 Bug ID: 1819078 Summary: CVE-2020-2135 jenkins-2-plugins: sandbox protection bypass leads to arbitrary code execution Product: Security Response Hardware: All OS: Linux Status: NEW Component: vulnerability Keywords: Security Severity: high Priority: high Assignee: security-response-team(a)redhat.com Reporter: darunesh(a)redhat.com CC: abenaiss(a)redhat.com, aos-bugs(a)redhat.com, bmontgom(a)redhat.com, eparis(a)redhat.com, extras-orphan(a)fedoraproject.org, java-sig-commits(a)lists.fedoraproject.org, jburrell(a)redhat.com, jokerman(a)redhat.com, mizdebsk(a)redhat.com, msrb(a)redhat.com, nstielau(a)redhat.com, pbhattac(a)redhat.com, sponnaga(a)redhat.com, vbobade(a)redhat.com Target Milestone: --- Classification: Other A vulnerability was found in Jenkins Script Security Plugin 1.70 and earlier, where sandbox protection earlier could be circumvented through crafted method calls on objects that implement GroovyInterceptable. Reference: http://www.openwall.com/lists/oss-security/2020/03/09/1 -- You are receiving this mail because: You are on the CC list for the bug.