CVE-2020-2134: 
Java vulnerability analysis and mitigation

CVE-2020-2134 is a high-severity vulnerability discovered in Jenkins Script Security Plugin version 1.70 and earlier, disclosed on March 9, 2020. The vulnerability affects the sandbox protection mechanism of the plugin, which could be circumvented through crafted constructor calls and bodies. This vulnerability was identified as part of SECURITY-1754 and was discovered by Nils Emmerich of ERNW Research GmbH (Jenkins Advisory).

The vulnerability exists in the sandbox protection mechanism of the Script Security Plugin, where attackers could bypass security restrictions through crafted constructor calls and bodies. This bypass was possible due to an incomplete fix of a previous vulnerability (SECURITY-582). The vulnerability has a high severity rating according to CVSS scoring system. The issue was fixed in Script Security Plugin version 1.71 by implementing additional restrictions and sanity checks to ensure that super constructors cannot be constructed without being intercepted by the sandbox (Jenkins Advisory).

The vulnerability allows attackers with the ability to specify and run sandboxed scripts to execute arbitrary code in the context of the Jenkins controller JVM. This means that successful exploitation could lead to complete compromise of the Jenkins instance (Jenkins Advisory).

The recommended mitigation is to upgrade the Script Security Plugin to version 1.71 or later. The fixed version includes additional restrictions and sanity checks to prevent sandbox bypass through super constructor calls. The update ensures that super constructors cannot be constructed without being intercepted by the sandbox (Jenkins Advisory).