Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Openshift Pipeline Security Vulnerabilities

cve
cve

CVE-2023-3361

A flaw was found in Red Hat OpenShift Data Science. When exporting a pipeline from the Elyra notebook pipeline editor as Python DSL or YAML, it reads S3 credentials from the cluster (ds pipeline server) and saves them in plain text in the generated output instead of an ID for a Kubernetes...

7.7CVSS

7.5AI Score

0.001EPSS

2023-10-04 12:15 PM
23
cve
cve

CVE-2020-2167

Jenkins OpenShift Pipeline Plugin 1.0.56 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution...

8.8CVSS

8.9AI Score

0.008EPSS

2020-03-25 05:15 PM
45
cve
cve

CVE-2019-10357

A missing permission check in Jenkins Pipeline: Shared Groovy Libraries Plugin 2.14 and earlier allowed users with Overall/Read access to obtain limited information about the content of SCM repositories referenced by global...

4.3CVSS

4.4AI Score

0.001EPSS

2019-07-31 01:15 PM
51
cve
cve

CVE-2019-1003041

A sandbox bypass vulnerability in Jenkins Pipeline: Groovy Plugin 2.64 and earlier allows attackers to invoke arbitrary constructors in sandboxed...

9.8CVSS

9.4AI Score

0.017EPSS

2019-03-28 06:29 PM
60
cve
cve

CVE-2019-1003030

A sandbox bypass vulnerability exists in Jenkins Pipeline: Groovy Plugin 2.63 and earlier in pom.xml, src/main/java/org/jenkinsci/plugins/workflow/cps/CpsGroovyShell.java that allows attackers able to control pipeline scripts to execute arbitrary code on the Jenkins master...

9.9CVSS

9.6AI Score

0.006EPSS

2019-03-08 09:29 PM
882
In Wild
cve
cve

CVE-2019-1003002

A sandbox bypass vulnerability exists in Pipeline: Declarative Plugin 1.3.3 and earlier in pipeline-model-definition/src/main/groovy/org/jenkinsci/plugins/pipeline/modeldefinition/parser/Converter.groovy that allows attackers with Overall/Read permission to provide a pipeline script to an HTTP...

8.8CVSS

8.8AI Score

0.627EPSS

2019-01-22 02:29 PM
55
cve
cve

CVE-2019-1003001

A sandbox bypass vulnerability exists in Pipeline: Groovy Plugin 2.61 and earlier in src/main/java/org/jenkinsci/plugins/workflow/cps/CpsFlowDefinition.java, src/main/java/org/jenkinsci/plugins/workflow/cps/CpsGroovyShellFactory.java that allows attackers with Overall/Read permission to provide a.....

8.8CVSS

8.8AI Score

0.627EPSS

2019-01-22 02:29 PM
58
cve
cve

CVE-2018-1000866

A sandbox bypass vulnerability exists in Pipeline: Groovy Plugin 2.59 and earlier in groovy-sandbox/src/main/java/org/kohsuke/groovy/sandbox/SandboxTransformer.java, groovy-cps/lib/src/main/java/com/cloudbees/groovy/cps/SandboxCpsTransformer.java that allows attackers with Job/Configure...

8.8CVSS

8.9AI Score

0.003EPSS

2018-12-10 02:29 PM
32