CVE-2020-2109: Improper Input Validation

May 24, 2022 (updated June 24, 2022)

Sandbox protection in Jenkins Pipeline: Groovy Plugin 2.78 and earlier can be circumvented through default parameter expressions in CPS-transformed methods.

References

www.openwall.com/lists/oss-security/2020/02/12/3
github.com/advisories/GHSA-99mf-f3qh-wqrp
jenkins.io/security/advisory/2020-02-12/
nvd.nist.gov/vuln/detail/CVE-2020-2109

Code Behaviors & Features

Detect and mitigate CVE-2020-2109 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →