Design/Logic Flaw

Authenticated users with Administrator or Developer roles may execute OS commands by Groovy Script which uses Groovy lib to render a webpage. The groovy script does not have security restrictions, which will cause attackers to execute arbitrary commands remotelyRCE...

CVE-2021-23259 Groovy Sandbox Bypass

Authenticated users with Administrator or Developer roles may execute OS commands by Groovy Script which uses Groovy lib to render a webpage. The groovy script does not have security restrictions, which will cause attackers to execute arbitrary commands remotelyRCE...

CVE-2021-23259

Crafter CMS vulnerability CVE-2021-23259 allows authenticated users with Administrator or Developer roles to execute OS commands via a Groovy Script that renders pages. The root cause is Groovy script execution without security restrictions, enabling remote command execution (RCE). This is descri...

PT-2021-15419

Name of the Vulnerable Software and Affected Versions Atlassian Confluence versions prior to 7.4.11 Atlassian Confluence versions 7.3.0 through 7.3.6 Atlassian Confluence versions 7.0.0 through 7.0.14 Atlassian Confluence versions 6.13.0 through 6.15.9 Description The issue allows authenticated...

OpenIAM Remote Code Execution Vulnerability

OpenIAM is a fully integrated identity and access management platform. A remote code execution vulnerability exists in OpenIAM versions prior to 4.2.0.3. An attacker can exploit this vulnerability to execute arbitrary code via Groovy Script...

CVE-2020-13420

OpenIAM before 4.2.0.3 allows remote attackers to execute arbitrary code via Groovy Script...

CVE-2020-13420

OpenIAM before 4.2.0.3 allows remote attackers to execute arbitrary code via Groovy Script...

Code injection

OpenIAM before 4.2.0.3 allows remote attackers to execute arbitrary code via Groovy Script...

CVE-2020-13420

OpenIAM prior to 4.2.0.3 is affected by CVE-2020-13420, described as remote code execution via Groovy Script. The available sources consistently identify the affected software as OpenIAM and indicate remediation by upgrading to 4.2.0.3 or later. The initial documents do not provide explicit root-...

CVE-2020-13420

OpenIAM before 4.2.0.3 allows remote attackers to execute arbitrary code via Groovy Script...

OpenIAM 安全漏洞

OpenIAM is a fully integrated identity and access management platform. A remote code execution vulnerability exists in OpenIAM versions prior to 4.2.0.3. An attacker can exploit this vulnerability to execute arbitrary code via Groovy Script...

CVE-2021-21248 Post-Auth Arbitrary Code execution via Groovy script injection

OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, there is a critical vulnerability involving the build endpoint parameters. InputSpec is used to define parameters of a Build spec. It does so by using dynamically generated Groovy classes. A user able to control job paramete...

CVE-2019-12180

An issue was discovered in SmartBear ReadyAPI through 2.8.2 and 3.0.0 and SoapUI through 5.5. When opening a project, the Groovy "Load Script" is automatically executed. This allows an attacker to execute arbitrary Groovy Language code Java scripting language on the victim machine by inducing it ...

PT-2019-11784 · Jenkins · Jenkins Splunk Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Splunk Plugin versions 1.7.4 and earlier Description: A sandbox bypass issue allows attackers with Overall/Read permission to execute arbitrary code on the Jenkins master JVM by providing a Groovy script to an HTTP endpoint. This is...

The vulnerability of the SecureGroovyScript.java component of the Jenkins Script Security plugin allows a perpetrator to execute arbitrary code.

The vulnerability of the SecureGroovyScript.java component src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/SecureGroovyScript.java of the Jenkins Script Security plugin is related to errors in processing Groovy scripts. Exploiting this vulnerability can allow a malicious actor t...

CVE-2019-11444

An issue was discovered in Liferay Portal CE 7.1.2 GA3. An attacker can use Liferay's Groovy script console to execute OS commands. Commands can be executed via a command.execute call, as demonstrated by "def cmd =" in the ServerAdminPortletscript value to group/controlpanel/manage. Valid...

CVE-2019-11444

An issue was discovered in Liferay Portal CE 7.1.2 GA3. An attacker can use Liferay's Groovy script console to execute OS commands. Commands can be executed via a command.execute call, as demonstrated by "def cmd =" in the ServerAdminPortletscript value to group/controlpanel/manage. Valid...

Input validation

DISPUTED An issue was discovered in Liferay Portal CE 7.1.2 GA3. An attacker can use Liferay's Groovy script console to execute OS commands. Commands can be executed via a command.execute call, as demonstrated by "def cmd =" in the ServerAdminPortletscript value to group/controlpanel/manage. Vali...

CVE-2019-11444

An issue was discovered in Liferay Portal CE 7.1.2 GA3. An attacker can use Liferay's Groovy script console to execute OS commands. Commands can be executed via a command.execute call, as demonstrated by "def cmd =" in the ServerAdminPortletscript value to group/controlpanel/manage. Valid...

PT-2019-12309 · Liferay · Liferay Portal

Name of the Vulnerable Software and Affected Versions: Liferay Portal CE version 7.1.2 GA3 Description: An issue in Liferay Portal CE allows an attacker to execute OS commands using the Groovy script console. This can be achieved via a command.execute call. The attacker needs valid credentials fo...