Lucene search
K

179 matches found

RedHat Linux
RedHat Linux
added 2023/01/12 4:49 p.m.6 views

plugin: Sandbox bypass vulnerability through implicitly allowlisted platform Groovy files in Pipeline: Groovy Plugin

A flaw was found in Jenkins Groovy Plugin. The plugin allows pipelines to load Groovy source files. The intent is to allow Global Shared Libraries to execute without sandbox protection. The issue is that the plugin allows any Groovy source files bundled with Jenkins core and plugins to be loaded...

8.5CVSS5.8AI score0.01328EPSS
Exploits0References5
Veracode
Veracode
added 2022/10/20 12:49 p.m.24 views

Sandbox Bypass

Groovy Plugin is vulnerable to Sandbox Bypass. The vulnerability exists because low privileged users are allowed to define scripts as a sandbox feature which allows an attacker to bypass sandbox protection and execute arbitrary code...

9.9CVSS9.2AI score0.0116EPSS
Exploits0References5Affected Software2
OSV
OSV
added 2022/10/19 7:0 p.m.42 views

GHSA-MQC2-W9R8-MMXM Jenkins Pipeline: Groovy Plugin allows sandbox protection bypass and arbitrary code execution

A sandbox bypass vulnerability involving various casts performed implicitly by the Groovy language runtime in Jenkins Pipeline: Groovy Plugin 2802.v5ea628154bc2 and earlier allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection...

9.9CVSS9.6AI score0.0116EPSS
Exploits0References3
OSV
OSV
added 2022/10/19 7:0 p.m.48 views

GHSA-27RF-8MJP-R363 Sandbox bypass vulnerabilities in Jenkins Script Security Plugin and in Pipeline: Groovy Plugin

Script Security Plugin provides a sandbox feature that allows low privileged users to define scripts, including Pipelines, that are generally safe to execute. Calls to code defined inside a sandboxed script are intercepted, and various allowlists are checked to determine whether the call is to be...

8.8CVSS9.9AI score0.01095EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2022/10/19 7:0 p.m.47 views

Jenkins Pipeline: Groovy Plugin allows sandbox protection bypass and arbitrary code execution

A sandbox bypass vulnerability involving various casts performed implicitly by the Groovy language runtime in Jenkins Pipeline: Groovy Plugin 2802.v5ea628154bc2 and earlier allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection...

9.9CVSS9.3AI score0.0116EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2022/10/19 7:0 p.m.56 views

GHSA-7VR5-72W7-Q6JC Sandbox bypass vulnerabilities in Jenkins Script Security Plugin and in Pipeline: Groovy Plugin

Script Security Plugin provides a sandbox feature that allows low privileged users to define scripts, including Pipelines, that are generally safe to execute. Calls to code defined inside a sandboxed script are intercepted, and various allowlists are checked to determine whether the call is to be...

8.8CVSS9.9AI score0.01211EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2022/10/19 7:0 p.m.46 views

Sandbox bypass vulnerabilities in Jenkins Script Security Plugin and in Pipeline: Groovy Plugin

Script Security Plugin provides a sandbox feature that allows low privileged users to define scripts, including Pipelines, that are generally safe to execute. Calls to code defined inside a sandboxed script are intercepted, and various allowlists are checked to determine whether the call is to be...

9.9CVSS9.5AI score0.01428EPSS
Exploits0References4Affected Software2
NVD
NVD
added 2022/10/19 4:15 p.m.29 views

CVE-2022-43402

A sandbox bypass vulnerability involving various casts performed implicitly by the Groovy language runtime in Jenkins Pipeline: Groovy Plugin 2802.v5ea628154bc2 and earlier allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection...

9.9CVSS0.0116EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2022/10/19 4:15 p.m.5 views

CVE-2022-43402

A sandbox bypass vulnerability involving various casts performed implicitly by the Groovy language runtime in Jenkins Pipeline: Groovy Plugin 2802.v5ea628154bc2 and earlier allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection...

9.9CVSS6.1AI score0.0116EPSS
Exploits0References4
OSV
OSV
added 2022/10/19 4:15 p.m.5 views

CVE-2022-43402

A sandbox bypass vulnerability involving various casts performed implicitly by the Groovy language runtime in Jenkins Pipeline: Groovy Plugin 2802.v5ea628154bc2 and earlier allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection...

9.9CVSS6AI score
Exploits0References2
RedhatCVE
RedhatCVE
added 2022/08/19 4:38 a.m.53 views

CVE-2022-30945

A flaw was found in Jenkins Groovy Plugin. The plugin allows pipelines to load Groovy source files. The intent is to allow Global Shared Libraries to execute without sandbox protection. The issue is that the plugin allows any Groovy source files bundled with Jenkins core and plugins to be loaded...

8.5CVSS1.2AI score0.01328EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2022/06/16 12:0 a.m.70 views

Jenkins plugins Multiple Vulnerabilities (2022-05-17)

According to their self-reported version numbers, the version of Jenkins plugins running on the remote web server are affected by multiple vulnerabilities: - Jenkins Pipeline: Groovy Plugin 2689.v434009a31bf1 and earlier allows loading any Groovy source files on the classpath of Jenkins and Jenki...

8.8CVSS7.2AI score0.71943EPSS
Exploits0References29
Github Security Blog
Github Security Blog
added 2022/05/24 5:8 p.m.28 views

Improper Input Validation in Jenkins Pipeline: Groovy Plugin

Sandbox protection in Jenkins Pipeline: Groovy Plugin 2.78 and earlier can be circumvented through default parameter expressions in CPS-transformed methods...

8.8CVSS8.3AI score0.01267EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2022/05/24 5:8 p.m.13 views

GHSA-99MF-F3QH-WQRP Improper Input Validation in Jenkins Pipeline: Groovy Plugin

Sandbox protection in Jenkins Pipeline: Groovy Plugin 2.78 and earlier can be circumvented through default parameter expressions in CPS-transformed methods...

8.8CVSS5.8AI score0.01267EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2022/05/18 12:0 a.m.64 views

Sandbox bypass vulnerability through implicitly allowlisted platform Groovy files in Jenkins Pipeline: Groovy Plugin

Pipeline: Groovy Plugin allows pipelines to load Groovy source files. This is intended to be used to allow Global Shared Libraries to execute without sandbox protection. In Pipeline: Groovy Plugin 2689.v434009a31bf1 and earlier, any Groovy source files bundled with Jenkins core and plugins could ...

8.5CVSS8.3AI score0.01328EPSS
Exploits0References6Affected Software1
NVD
NVD
added 2022/05/17 3:15 p.m.14 views

CVE-2022-30945

Jenkins Pipeline: Groovy Plugin 2689.v434009a31bf1 and earlier allows loading any Groovy source files on the classpath of Jenkins and Jenkins plugins in sandboxed pipelines...

8.5CVSS0.01328EPSS
Exploits0References2
OSV
OSV
added 2022/05/17 3:15 p.m.5 views

CVE-2022-30945

Jenkins Pipeline: Groovy Plugin 2689.v434009a31bf1 and earlier allows loading any Groovy source files on the classpath of Jenkins and Jenkins plugins in sandboxed pipelines...

8.5CVSS7.9AI score
Exploits0References2
Prion
Prion
added 2022/05/17 3:15 p.m.23 views

Code injection

Jenkins Pipeline: Groovy Plugin 2689.v434009a31bf1 and earlier allows loading any Groovy source files on the classpath of Jenkins and Jenkins plugins in sandboxed pipelines...

6.8CVSS8.3AI score0.01328EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2022/05/17 3:15 p.m.9 views

CVE-2022-30945

Jenkins Pipeline: Groovy Plugin 2689.v434009a31bf1 and earlier allows loading any Groovy source files on the classpath of Jenkins and Jenkins plugins in sandboxed pipelines...

8.5CVSS7.3AI score0.01328EPSS
Exploits0References3
Cvelist
Cvelist
added 2022/05/17 2:5 p.m.34 views

CVE-2022-30945

Jenkins Pipeline: Groovy Plugin 2689.v434009a31bf1 and earlier allows loading any Groovy source files on the classpath of Jenkins and Jenkins plugins in sandboxed pipelines...

8.7AI score0.01328EPSS
Exploits0References2
Rows per page
Query Builder