{"containers": {"cna": {"affected": [{"product": "Jenkins Script Security Plugin", "vendor": "Jenkins project", "versions": [{"lessThanOrEqual": "1.69", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "Sandbox protection in Jenkins Script Security Plugin 1.69 and earlier could be circumvented during the script compilation phase by applying AST transforming annotations to imports or by using them inside of other annotations."}], "providerMetadata": {"orgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b", "shortName": "jenkins", "dateUpdated": "2023-10-24T16:05:06.077Z"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://jenkins.io/security/advisory/2020-02-12/#SECURITY-1713"}, {"name": "[oss-security] 20200212 Multiple vulnerabilities in Jenkins plugins", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2020/02/12/3"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "jenkinsci-cert@googlegroups.com", "ID": "CVE-2020-2110", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Jenkins Script Security Plugin", "version": {"version_data": [{"version_affected": "<=", "version_value": "1.69"}]}}]}, "vendor_name": "Jenkins project"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Sandbox protection in Jenkins Script Security Plugin 1.69 and earlier could be circumvented during the script compilation phase by applying AST transforming annotations to imports or by using them inside of other annotations."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-265"}]}]}, "references": {"reference_data": [{"name": "https://jenkins.io/security/advisory/2020-02-12/#SECURITY-1713", "refsource": "CONFIRM", "url": "https://jenkins.io/security/advisory/2020-02-12/#SECURITY-1713"}, {"name": "[oss-security] 20200212 Multiple vulnerabilities in Jenkins plugins", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2020/02/12/3"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T07:01:39.727Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://jenkins.io/security/advisory/2020-02-12/#SECURITY-1713"}, {"name": "[oss-security] 20200212 Multiple vulnerabilities in Jenkins plugins", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2020/02/12/3"}]}]}, "cveMetadata": {"assignerOrgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b", "assignerShortName": "jenkins", "cveId": "CVE-2020-2110", "datePublished": "2020-02-12T14:35:40", "dateReserved": "2019-12-05T00:00:00", "dateUpdated": "2024-08-04T07:01:39.727Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:jenkins:script_security:*:*:*:*:*:jenkins:*:*", "matchCriteriaId": "18466578-DC29-46E1-BA00-D1FC9B67A95B", "versionEndIncluding": "1.69", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Sandbox protection in Jenkins Script Security Plugin 1.69 and earlier could be circumvented during the script compilation phase by applying AST transforming annotations to imports or by using them inside of other annotations."}, {"lang": "es", "value": "La protecci\u00f3n de Sandbox en Jenkins Script Security Plugin versiones 1.69 y anteriores, podr\u00eda omitirse durante la fase de compilaci\u00f3n del script mediante la aplicaci\u00f3n de anotaciones de transformaci\u00f3n AST para las importaciones o al usarlas dentro de otras anotaciones."}], "id": "CVE-2020-2110", "lastModified": "2024-11-21T05:24:40.027", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-02-12T15:15:12.507", "references": [{"source": "jenkinsci-cert@googlegroups.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2020/02/12/3"}, {"source": "jenkinsci-cert@googlegroups.com", "tags": ["Vendor Advisory"], "url": "https://jenkins.io/security/advisory/2020-02-12/#SECURITY-1713"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2020/02/12/3"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://jenkins.io/security/advisory/2020-02-12/#SECURITY-1713"}], "sourceIdentifier": "jenkinsci-cert@googlegroups.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2020:2478", "cpe": "cpe:/a:redhat:openshift:3.11::el7", "package": "jenkins-2-plugins-0:3.11.1591354111-1.el7", "product_name": "Red Hat OpenShift Container Platform 3.11", "release_date": "2020-06-17T00:00:00Z"}, {"advisory": "RHSA-2020:3616", "cpe": "cpe:/a:redhat:openshift:4.3::el7", "package": "jenkins-2-plugins-0:4.3.1597915133-1.el7", "product_name": "Red Hat OpenShift Container Platform 4.3", "release_date": "2020-09-09T00:00:00Z"}, {"advisory": "RHSA-2020:2737", "cpe": "cpe:/a:redhat:openshift:4.4::el7", "package": "jenkins-2-plugins-0:4.4.1592817009-1.el7", "product_name": "Red Hat OpenShift Container Platform 4.4", "release_date": "2020-06-29T00:00:00Z"}], "bugzilla": {"description": "jenkins-script-security-plugin: sandbox protection bypass during script compilation phase by applying AST transforming annotations", "id": "1819093", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1819093"}, "csaw": false, "cvss3": {"cvss3_base_score": "8.8", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "status": "verified"}, "cwe": "CWE-20", "details": ["Sandbox protection in Jenkins Script Security Plugin 1.69 and earlier could be circumvented during the script compilation phase by applying AST transforming annotations to imports or by using them inside of other annotations."], "name": "CVE-2020-2110", "public_date": "2020-03-09T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2020-2110\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-2110\nhttps://jenkins.io/security/advisory/2020-02-12/#SECURITY-1713"], "threat_severity": "Important", "upstream_fix": "jenkins-script-security-plugin 1.70"}