This security bulletin contains one medium risk vulnerability.
The vulnerability allows a remote attacker to escalate privileges on the system.
The vulnerability exists due to a sandbox protection bypass in the affected plugin. A remote authenticated attacker can provide specially crafted return values or script binding content and execute arbitrary code on the Jenkins controller JVM.
Mitigation
Install updates from vendor's website.
Vulnerable software versions
Script Security: 1.0 - 1.74
Fixed software versions
Q & A
Can this vulnerability be exploited remotely?
Is there known malware that exploits this vulnerability?