Lucene search
K

7 matches found

ATTACKERKB
ATTACKERKB
added 2026/06/24 1:20 p.m.6 views

CVE-2026-57284

Jenkins Pipeline: Groovy Plugin 4331.v9d06ed4658ff and earlier does not restrict the types that can be instantiated through the Pipeline Snippet Generator, allowing attackers to instantiate types related to job or system configuration other than Pipeline steps...

4.3CVSS5.9AI score0.00275EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2022-3802

Malicious code in bioql PyPI...

8.8CVSS8.4AI score0.02507EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/05/22 7:40 a.m.10 views

CVE-2019-1003006

A sandbox bypass vulnerability exists in Jenkins Groovy Plugin 2.0 and earlier in src/main/java/hudson/plugins/groovy/StringScriptSource.java that allows attackers with Overall/Read permission to provide a Groovy script to an HTTP endpoint that can result in arbitrary code execution on the Jenkin...

8.8CVSS7.4AI score0.0155EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2022/10/19 4:15 p.m.4 views

CVE-2022-43402

A sandbox bypass vulnerability involving various casts performed implicitly by the Groovy language runtime in Jenkins Pipeline: Groovy Plugin 2802.v5ea628154bc2 and earlier allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection...

9.9CVSS6.1AI score0.0116EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2022/08/19 4:38 a.m.53 views

CVE-2022-30945

A flaw was found in Jenkins Groovy Plugin. The plugin allows pipelines to load Groovy source files. The intent is to allow Global Shared Libraries to execute without sandbox protection. The issue is that the plugin allows any Groovy source files bundled with Jenkins core and plugins to be loaded...

8.5CVSS1.2AI score0.01244EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2022/02/15 5:15 p.m.7 views

CVE-2022-25173

Jenkins Pipeline: Groovy Plugin 2648.va9433432b33c and earlier uses the same checkout directories for distinct SCMs when reading the script file typically Jenkinsfile for Pipelines, allowing attackers with Item/Configure permission to invoke arbitrary OS commands on the controller through crafted...

8.8CVSS7.4AI score0.01422EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2019/03/08 12:0 a.m.5 views

PT-2019-11327 · Jenkins · Jenkins Groovy Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Groovy Plugin versions 2.1 and earlier Description: A sandbox bypass issue exists that allows attackers with Overall/Read permission to execute arbitrary code on the Jenkins master JVM. The issue is related to the...

8.8CVSS8.8AI score0.02507EPSS
Exploits0References6
Rows per page
Query Builder