GHSA-c3jm-9vj7-5v66HighCVSS 8.8

Jenkins Script Security Plugin 1402.v94c9ce464861 and earlier does not intercept the implicit...

Published
June 24, 2026
Last Modified
June 24, 2026

🔗 CVE IDs covered (1)

📋 Description

Jenkins Script Security Plugin 1402.v94c9ce464861 and earlier does not intercept the implicit type casts applied to the elements of typed for-each loops in sandboxed Groovy scripts, allowing attackers able to provide such scripts to invoke arbitrary constructors and bypass the sandbox protection.

🔗 References (3)