This security bulletin contains one high risk vulnerability.
The vulnerability allows a remote attacker to escalate privileges on the system.
The vulnerability exists because the sandbox protection in the affected plugin can be circumvented through default parameter expressions in constructors. A remote authenticated attacker can specify and run sandboxed scripts to execute arbitrary code in the context of the Jenkins master JVM.
Mitigation
Install updates from vendor's website.
Vulnerable software versions
Script Security: 1.0 - 1.64
Fixed software versions
Q & A
Can this vulnerability be exploited remotely?
Is there known malware that exploits this vulnerability?