Closed XmiliaH closed 5 years ago
@XmiliaH Thanks for the report! Fixed in https://jenkins.io/security/advisory/2019-07-31/#SECURITY-1465%20(2)
As you may have noticed, this issue tracker is not well monitored. In the future, please report issues as described on https://jenkins.io/security/#reporting-vulnerabilities
Would you like to be credited with this discovery in the security advisory, and if so, how?
The left side of
.&
will not be sandbox transformed, so{'not-sandboxed'}().&x
will not transform the closure body. In the body you can than remove all the filters. Here an example: