179 matches found
EUVD-2022-5735
Malicious code in bioql PyPI...
EUVD-2022-0852
Malicious code in bioql PyPI...
EUVD-2022-3993
Malicious code in bioql PyPI...
EUVD-2022-3340
Malicious code in bioql PyPI...
CVE-2019-1003006
A sandbox bypass vulnerability exists in Jenkins Groovy Plugin 2.0 and earlier in src/main/java/hudson/plugins/groovy/StringScriptSource.java that allows attackers with Overall/Read permission to provide a Groovy script to an HTTP endpoint that can result in arbitrary code execution on the Jenkin...
jenkins-plugin/workflow-cps: Lack of Approval Check for Rebuilt Jenkins Pipelines
A flaw was found in the Jenkins Pipeline: Groovy Plugin jenkins-plugin/workflow-cps. This vulnerability allows attackers with Item/Build permission to rebuild a previous build whose main Jenkinsfile script is no longer approved, bypassing script approval checks via the rebuild action...
jenkins-plugin/workflow-cps: Lack of Approval Check for Rebuilt Jenkins Pipelines
A flaw was found in the Jenkins Pipeline: Groovy Plugin jenkins-plugin/workflow-cps. This vulnerability allows attackers with Item/Build permission to rebuild a previous build whose main Jenkinsfile script is no longer approved, bypassing script approval checks via the rebuild action...
jenkins-plugin/workflow-cps: Lack of Approval Check for Rebuilt Jenkins Pipelines
A flaw was found in the Jenkins Pipeline: Groovy Plugin jenkins-plugin/workflow-cps. This vulnerability allows attackers with Item/Build permission to rebuild a previous build whose main Jenkinsfile script is no longer approved, bypassing script approval checks via the rebuild action...
jenkins-plugin/workflow-cps: Lack of Approval Check for Rebuilt Jenkins Pipelines
A flaw was found in the Jenkins Pipeline: Groovy Plugin jenkins-plugin/workflow-cps. This vulnerability allows attackers with Item/Build permission to rebuild a previous build whose main Jenkinsfile script is no longer approved, bypassing script approval checks via the rebuild action...
jenkins-plugin/workflow-cps: Lack of Approval Check for Rebuilt Jenkins Pipelines
A flaw was found in the Jenkins Pipeline: Groovy Plugin jenkins-plugin/workflow-cps. This vulnerability allows attackers with Item/Build permission to rebuild a previous build whose main Jenkinsfile script is no longer approved, bypassing script approval checks via the rebuild action...
CVE-2024-52550
A flaw was found in the Jenkins Pipeline: Groovy Plugin jenkins-plugin/workflow-cps. This vulnerability allows attackers with Item/Build permission to rebuild a previous build whose main Jenkinsfile script is no longer approved, bypassing script approval checks via the rebuild action. Mitigation...
Rebuilding a run with revoked script approval allowed by Jenkins Pipeline: Groovy Plugin
Jenkins Pipeline: Groovy Plugin 3990.vd281dd77a388 and earlier, except 3975.3977.v478dd9e956c3 does not check whether the main Jenkinsfile script for a rebuilt build is approved, allowing attackers with Item/Build permission to rebuild a previous build whose Jenkinsfile script is no longer...
GHSA-MRPR-VR82-X88R Rebuilding a run with revoked script approval allowed by Jenkins Pipeline: Groovy Plugin
Jenkins Pipeline: Groovy Plugin 3990.vd281dd77a388 and earlier, except 3975.3977.v478dd9e956c3 does not check whether the main Jenkinsfile script for a rebuilt build is approved, allowing attackers with Item/Build permission to rebuild a previous build whose Jenkinsfile script is no longer...
CVE-2024-52550
Jenkins Pipeline: Groovy Plugin 3990.vd281dd77a388 and earlier, except 3975.3977.v478dd9e956c3 does not check whether the main Jenkinsfile script for a rebuilt build is approved, allowing attackers with Item/Build permission to rebuild a previous build whose Jenkinsfile script is no longer approv...
CVE-2024-52550
Jenkins Pipeline: Groovy Plugin 3990.vd281dd77a388 and earlier, except 3975.3977.v478dd9e956c3 does not check whether the main Jenkinsfile script for a rebuilt build is approved, allowing attackers with Item/Build permission to rebuild a previous build whose Jenkinsfile script is no longer approv...
CVE-2024-52550
CVE-2024-52550 affects Jenkins Pipeline: Workflow CPS (and related Jenkins Pipeline/Groovy stack) where there is a lack of approval check for rebuilt Jenkins pipelines. The issue allows users with Item/Build permissions to rebuild a previous build whose Jenkinsfile is no longer approved. A PoC/ex...
PT-2024-35372 · Jenkins · Jenkins Pipeline: Groovy Plugin
Name of the Vulnerable Software and Affected Versions: Jenkins Pipeline: Groovy Plugin versions 3990.vd281dd77a 388 and earlier, except version 3975.3977.v478dd9e956c3 Description: The issue allows attackers with Item/Build permission to rebuild a previous build whose Jenkinsfile script is no...
VulnCheck KEV: CVE-2019-1003001
A sandbox bypass vulnerability exists in Pipeline: Groovy Plugin 2.61 and earlier in src/main/java/org/jenkinsci/plugins/workflow/cps/CpsFlowDefinition.java, src/main/java/org/jenkinsci/plugins/workflow/cps/CpsGroovyShellFactory.java that allows attackers with Overall/Read permission to provide a...
jenkins-plugin/workflow-cps: Sandbox bypass vulnerabilities in Pipeline: Groovy Plugin
A sandbox bypass vulnerability was found in several Jenkins plugins. This could allow an authenticated attacker to execute arbitrary code within the Jenkins JVM controller. Exploitation could be achieved by crafting untrusted libraries or pipelines, compromising the integrity, availability, and...
Critical: Red Hat Security Advisory: OpenShift Developer Tools and Services for OCP 4.12 security update
An update for Jenkins and Jenkins-2-plugins is now available for OpenShift Developer Tools and Services for OCP 4.12. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...