https://bugzilla.redhat.com/show_bug.cgi?id=1819093
Bug ID: 1819093
Summary: CVE-2020-2110 jenkins-2-plugins: sandbox protection
bypass during script compilation phase by applying AST
transforming annotations
Product: Security Response
Hardware: All
OS: Linux
Status: NEW
Component: vulnerability
Keywords: Security
Severity: high
Priority: high
Assignee: security-response-team(a)redhat.com
Reporter: darunesh(a)redhat.com
CC: abenaiss(a)redhat.com, aos-bugs(a)redhat.com,
bmontgom(a)redhat.com, eparis(a)redhat.com,
extras-orphan(a)fedoraproject.org,
java-sig-commits(a)lists.fedoraproject.org,
jburrell(a)redhat.com, jokerman(a)redhat.com,
mizdebsk(a)redhat.com, msrb(a)redhat.com,
nstielau(a)redhat.com, pbhattac(a)redhat.com,
sponnaga(a)redhat.com, vbobade(a)redhat.com
Target Milestone: ---
Classification: Other
A vulnerability was found in Jenkins Script Security Plugin 1.69 and earlier,
where sandbox protection could be circumvented during the script compilation
phase by applying AST transforming annotations to imports or by using them
inside of other annotations.
Reference:
http://www.openwall.com/lists/oss-security/2020/02/12/3