GHSA-c3jm-9vj7-5v66HighCVSS 8.8
Jenkins Script Security Plugin 1402.v94c9ce464861 and earlier does not intercept the implicit...
🔗 CVE IDs covered (1)
📋 Description
Jenkins Script Security Plugin 1402.v94c9ce464861 and earlier does not intercept the implicit type casts applied to the elements of typed for-each loops in sandboxed Groovy scripts, allowing attackers able to provide such scripts to invoke arbitrary constructors and bypass the sandbox protection.