Vulnerability identifier: #VU21571
Vulnerability risk: High
Exploitation vector: Network
Exploit availability: Yes
The vulnerability allows a remote attacker to bypass sandbox restrictions.
The vulnerability exists due to improper access restrictions in "src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/SecureGroovyScript.java". A remote authenticated attacker with Overall/Read permission can provide a Groovy script to an HTTP endpoint and execute arbitrary code on the Jenkins master JVM.
Install updates from the vendor's website.
Vulnerable software versions
Script Security: 1.0 - 1.50
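To confirm whether a controller still runs a release in this range, the check below is an added example (not part of the advisory or the plugin's code). It assumes a plugin inventory shaped like the JSON from Jenkins' `/pluginManager/api/json?depth=1` and the plugin short name `script-security`; the sample inventory is constructed.

```python
import json
import re

PLUGIN = "script-security"              # assumed short name of the Script Security plugin
FIRST_BAD, LAST_BAD = (1, 0), (1, 50)   # "1.0 - 1.50" from the advisory

# Constructed sample inventory (not real output).
SAMPLE = json.dumps({"plugins": [
    {"shortName": "git", "version": "4.0.0"},
    {"shortName": "script-security", "version": "1.50"},
]})


def parse_version(text):
    """'1.44.1' -> (1, 44, 1); suffixes such as '-SNAPSHOT' are ignored."""
    match = re.match(r"\d+(?:\.\d+)*", text.strip())
    if not match:
        return None
    parts = tuple(int(p) for p in match.group(0).split("."))
    return parts if len(parts) > 1 else parts + (0,)


def is_vulnerable(version):
    """True if inside the advisory's range, None if the string is unparseable."""
    parsed = parse_version(version)
    if parsed is None:
        return None
    # Compare component by component: 1.9 sorts before 1.50, which a float
    # or string comparison gets wrong.
    return FIRST_BAD <= parsed <= LAST_BAD


def check_inventory(raw_json):
    """Return (version, status) for the plugin in one controller's inventory."""
    for plugin in json.loads(raw_json).get("plugins", []):
        if plugin.get("shortName") == PLUGIN:
            version = str(plugin.get("version", ""))
            verdict = is_vulnerable(version)
            status = {True: "vulnerable", False: "outside range", None: "unknown"}[verdict]
            return version, status
    return None, "not installed"


if __name__ == "__main__":
    print(check_inventory(SAMPLE))
```

A status of "unknown" means the version string could not be parsed and should be checked by hand rather than treated as safe.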
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?