10

CVSS Score

3.1

-

CVSS Score

Basic Information

CVE ID

CVE-2020-2279

GHSA ID

GHSA-ccr8-4xr7-cgj3

EPSS Score

0.5167%

CWE

CWE-693

Published

5/24/2022

Updated

12/14/2023

KEV Status

Technology

Java

Basic Information

CVE ID

GHSA ID

EPSS Score

CWE

Published

Updated

KEV Status

Technology

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2020-2279

CVE-2020-2279: Sandbox bypass vulnerability in Jenkins Script Security Plugin

Jenkins Script Security Plugin provides a sandbox feature that allows low privileged users to define scripts, including Pipelines, that are generally safe to execute. Calls to code defined inside a sandboxed script are intercepted, and various allowlists are checked to determine whether the call is to be allowed.

In Script Security Plugin 1.75 and 1.66.5, any calls from outside a sandboxed script to code defined inside a sandboxed script were always allowed. As sandboxed scripts can communicate their results through script return values and similar mechanisms, this could result in code defined inside of a sandboxed script to be called without sandbox protection.

This vulnerability allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM.

Script Security Plugin 1.75 and 1.66.5 will prevent code defined inside a sandbox from being invoked outside a sandboxed script.

In rare cases, invocations of sandboxed scripts may begin failing if the script return value or script binding include code defined in the sandbox and is further processed by the calling code. To resolve this issue, the affected values need to be converted inside the sandboxed script to a known safe type, such as String.

For compatibility with this change, the following plugins should be upgraded to the versions specified:

Email Extension Plugin should be updated to version 2.77 or newer.
Warnings Next Generation Plugin should be updated to version 8.4.3 or newer.
Warnings Plugin should be updated to version 5.0.2 or newer.

(GitHub Advisory)

Miggo Vulnerability Database

→

CVE-2020-2279

CVE-2020-2279:

10

CVSS Score

3.1

-

CVSS Score

Basic Information

CVE ID

CVE-2020-2279

GHSA ID

GHSA-ccr8-4xr7-cgj3

EPSS Score

0.5167%

CWE

CWE-693

Published

5/24/2022

Updated

12/14/2023

KEV Status

Technology

Java

Basic Information

CVE ID

GHSA ID

EPSS Score

CWE

Published

Updated

KEV Status

Technology

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
org.jenkins-ci.plugins:script-security	maven	>= 1.67, < 1.75	1.75
org.jenkins-ci.plugins:script-security	maven	< 1.66.5	1.66.5

Technical Details

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stems from improper sandbox enforcement when handling return values from sandboxed scripts. The commit diff shows an upgrade to groovy-sandbox 1.27, which introduced proper interception of method calls on sandbox-defined objects. The added test case 'unsafeReturnValue' demonstrates that prior versions allowed invoking methods (like toString()) on objects created in sandboxed scripts without security checks. The core issue was in the interceptor logic (likely in SandboxInterceptor) that failed to apply sandbox protections to these cross-context method calls. The vulnerability is tied to the plugin's dependency on an outdated groovy-sandbox version (1.26), which lacked proper interception for return value processing.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.

Reasoning

*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.

10

-

Basic Information

Basic Information

Concerned about an active attack path?

CVE-2020-2279: Sandbox bypass vulnerability in Jenkins Script Security Plugin

CVE-2020-2279:

10

-

Basic Information

Basic Information

Technical Details

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability IntelligenceMiggo AI

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

10

10

Basic Information

Basic Information

CVE-2020-2279: Sandbox bypass vulnerability in Jenkins Script Security Plugin

Technical Details

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI