A sandbox bypass vulnerability exists in Jenkins Script Security Plugin 1.53 and earlier in src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/GroovySandbox.java, src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/SecureGroovyScript.java that allows attackers with Overall/Read permission to execute arbitrary code on the Jenkins master JVM.

Affected Packages

Maven org.jenkins-ci.plugins:script-security

Affected versions: 0 (fixed in 1.54)

Related CVEs

CVE-2019-1003029

Key Information

GHSA ID

GHSA-xvxq-hq48-xphm

Published

May 13, 2022 1:00 AM

Last Modified

July 5, 2024 5:55 PM

CVSS Score

9.0 /10

Primary Ecosystem

Maven

Primary Package

org.jenkins-ci.plugins:script-security

GitHub Reviewed

✓ Yes

Dataset

Last updated: July 6, 2025 6:30 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.