Arbitrary Code Execution
Affecting org.jenkins-ci.plugins:script-security artifact, versions [,1.51)
org.jenkins-ci.plugins:script-security is a allows Jenkins administrators to control what in-process scripts can be run by less-privileged users.
Affected versions of this package are vulnerable to Arbitrary Code Execution.
An attacker with
Overall/Read permission could provide a Groovy script to an HTTP endpoint that can result in arbitrary code execution on the Jenkins master JVM.
org.jenkins-ci.plugins:script-security to version 1.51 or higher.
Do your applications use this vulnerable package?