Jenkins Templating Engine Plugin Script Security Sandbox Bypass Vulnerability

Vulnerability

A script security sandbox bypass has been identified in the Jenkins Templating Engine Plugin, affecting versions 2.5.3 and earlier. The plugin allows pipeline libraries to be defined at the folder level, but it does not apply Groovy sandbox protection to libraries defined in folders. Because folder configuration requires only Item/Configure permission, a user holding that permission on a folder can define a library whose Groovy code runs unsandboxed and thereby execute arbitrary code in the Jenkins controller JVM.

Impact

A successful exploit yields arbitrary code execution inside the Jenkins controller JVM itself, not on a build agent. Code running there has the controller's full authority: it can read stored credentials, alter any job or plugin configuration, and direct every connected agent, so the realistic outcome is complete compromise of the Jenkins instance. The only prerequisite is Item/Configure permission, which is commonly granted to ordinary developers who manage their own folders.

Remediation

Users of the Templating Engine Plugin should update to version 2.5.4 or later, which applies sandbox protection to libraries defined in folders. Until the update is applied, treat Item/Configure on any folder as equivalent to administrator access and restrict it accordingly. After upgrading, review folder-defined libraries: code that previously ran unsandboxed may now be rejected by the Groovy sandbox and require administrator script approval before it runs again.
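The version check a practitioner would run before and after applying the update, as an added example that is not part of this advisory or of the plugin's own code. It assumes the plugin's identifier in the Jenkins plugin manager is templating-engine and that the caller can read the controller's /pluginManager/api/json?depth=1 endpoint; the embedded plugin list is constructed sample data so the script also runs offline.

```python
"""Added example (not part of the advisory or the plugin): flag a Jenkins
controller whose Templating Engine Plugin is still on a release before 2.5.4.

Assumptions: the plugin's short name in the plugin manager is
"templating-engine", and the caller may read /pluginManager/api/json?depth=1,
which lists every installed plugin with its shortName, version and active flag.
"""
import base64
import json
import re
import sys
import urllib.request

PLUGIN_SHORT_NAME = "templating-engine"   # assumption: plugin id as the plugin manager reports it
FIXED_VERSION = "2.5.4"                   # first release that sandboxes folder-defined libraries


def parse_version(version: str) -> tuple:
    """Turn '2.5.3', '2.5.4-rc1' or '1.7.v2abc' into a comparable tuple of ints.

    Each dot- or dash-separated piece contributes its leading integer; a piece
    with no leading digits (a git hash, 'rc1') contributes 0.
    """
    parts = []
    for piece in re.split(r"[.\-]", version.strip()):
        match = re.match(r"\d+", piece)
        parts.append(int(match.group()) if match else 0)
    return tuple(parts)


def is_vulnerable(installed: str, fixed: str = FIXED_VERSION) -> bool:
    """True when `installed` sorts strictly before the first fixed release."""
    a, b = parse_version(installed), parse_version(fixed)
    width = max(len(a), len(b))
    a += (0,) * (width - len(a))   # pad so '2.5' compares as '2.5.0'
    b += (0,) * (width - len(b))
    return a < b


def audit_plugins(plugin_manager: dict) -> list:
    """Return one finding per installed templating-engine entry.

    `plugin_manager` is the decoded JSON of /pluginManager/api/json?depth=1.
    A disabled plugin (active == False) is still reported: its jar is on disk
    and the finding is only cleared by updating it.
    """
    findings = []
    for plugin in plugin_manager.get("plugins", []):
        if plugin.get("shortName") != PLUGIN_SHORT_NAME:
            continue
        version = str(plugin.get("version", "0"))
        findings.append({
            "shortName": PLUGIN_SHORT_NAME,
            "version": version,
            "active": bool(plugin.get("active", True)),
            "vulnerable": is_vulnerable(version),
        })
    return findings


def fetch_plugin_manager(base_url: str, user: str = None, token: str = None) -> dict:
    """Read the plugin list over HTTP, using basic auth with an API token if given."""
    req = urllib.request.Request(base_url.rstrip("/") + "/pluginManager/api/json?depth=1")
    if user and token:
        cred = base64.b64encode(f"{user}:{token}".encode()).decode()
        req.add_header("Authorization", "Basic " + cred)
    with urllib.request.urlopen(req, timeout=15) as resp:
        return json.load(resp)


# Constructed sample of the plugin-manager response, trimmed to the fields used above.
SAMPLE_PLUGIN_MANAGER = {
    "plugins": [
        {"shortName": "git", "version": "5.7.0", "active": True},
        {"shortName": "templating-engine", "version": "2.5.3", "active": True},
    ]
}


def main(argv: list) -> int:
    if len(argv) > 1:
        data = fetch_plugin_manager(argv[1], *argv[2:4])   # URL [user token]
    else:
        data = SAMPLE_PLUGIN_MANAGER                        # offline demo
    findings = audit_plugins(data)
    if not findings:
        print(f"{PLUGIN_SHORT_NAME} is not installed")
        return 0
    rc = 0
    for f in findings:
        state = f"VULNERABLE (update to {FIXED_VERSION})" if f["vulnerable"] else "fixed"
        print(f"{f['shortName']} {f['version']} active={f['active']}: {state}")
        rc |= int(f["vulnerable"])
    return rc


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it with no arguments to see the constructed sample flagged, or as `python check_jte.py https://jenkins.example user api-token` against a real controller; the exit status is non-zero while an affected version is installed, which makes it easy to drop into a fleet-wide audit loop.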

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 3.1
impact: 7.5
exploitability: 5.2
remediation: 7.7
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.