GHSA-76qj-9gwh-pvv3

GitHub Security Advisory

Sandbox bypass in Jenkins Script Security Plugin

✓ GitHub Reviewed | HIGH | Has CVE

Advisory Details

A sandbox bypass vulnerability involving map constructors in Jenkins Script Security Plugin 1228.vd93135a_2fb_25 and earlier allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM.

Affected Packages

Maven org.jenkins-ci.plugins:script-security
Affected versions: 0 (fixed in 1229.v4880b)

Key Information

GHSA ID: GHSA-76qj-9gwh-pvv3
Published: January 26, 2023 9:30 PM
Last Modified: February 6, 2023 4:45 PM
CVSS Score: 7.5/10
Primary Ecosystem: Maven
Primary Package: org.jenkins-ci.plugins:script-security
GitHub Reviewed: ✓ Yes

Dataset

Last updated: August 24, 2025 6:28 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.