The Jenkins Script Security Plugin contains a high-severity flaw that may allow unauthorized actors to bypass security controls and execute arbitrary code within the Jenkins environment.

This vulnerability involves a failure in the Script Security Plugin's ability to properly enforce security policies for script execution. Depending on the configuration, an authenticated user—or in some scenarios, an unauthenticated attacker—could potentially execute unauthorized scripts on the Jenkins controller.

With a CVSS score of 8.8, this vulnerability represents a severe threat to CI/CD pipeline integrity. Successful exploitation could grant an attacker full control over Jenkins tasks, leading to the exfiltration of build secrets, source code compromise, or the injection of malicious code into downstream production deployments.

Immediate Action: Upgrade the Jenkins Script Security Plugin to the latest patched version provided by the Jenkins project.

Proactive Monitoring: Review Jenkins audit logs for unauthorized script execution attempts or modifications to existing pipeline configurations.

Compensating Controls: Implement strict Role-Based Access Control (RBAC) and limit the ability of users to define or modify scripts within the Jenkins environment.

Public Exploit Available: false

Jenkins instances are high-value targets for supply chain attacks. It is imperative that security teams audit their Jenkins plugin configurations and apply the necessary updates immediately to prevent potential remote code execution and unauthorized access to build infrastructure.