Jenkins project
CVE published 2019-01-22
CVE-2019-1003000
CVE-2019-1003000 describes a sandbox bypass in Jenkins Script Security Plugin 1.49 and earlier. If an attacker can provide sandboxed scripts, the flaw may let them escape the intended restrictions and execute arbitrary code on the Jenkins master JVM. Because the controller/master is central to Jenkins operations, this is a high-impact issue for environments that accept or process untrusted Groovy scripts.