Loading
A sandbox bypass vulnerability exists in Jenkins Script Security Plugin 1.53 and earlier in src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/GroovySandbox.java, src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/SecureGroovyScript.java that allows attackers with Overall/Read permission to execute arbitrary code on the Jenkins master JVM.
Use Jenkins vendor hub and Script Security product page to widen CVE-2019-1003029 into its surrounding weakness, vendor, and product context.
Compare it with CVE-2022-43404, CVE-2022-43403 and CVE-2022-43401 for nearby disclosures in the same product family. Additional editorial context is available in Cybersecurity Weekly Roundup: April 22, 2026 — Critical Zero-Days and Framework Failures.