13 matches found
CVE-2026-57283
A flaw was found in Jenkins Pipeline: Groovy Plugin. This cross-site request forgery CSRF vulnerability allows attackers to instantiate types related to job or system configuration. This could enable unauthorized modifications to the Jenkins environment...
CVE-2026-57284
Jenkins Pipeline: Groovy Plugin 4331.v9d06ed4658ff and earlier does not restrict the types that can be instantiated through the Pipeline Snippet Generator, allowing attackers to instantiate types related to job or system configuration other than Pipeline steps...
RHCOS 4 : OpenShift Container Platform 4.3.35 jenkins-2-plugins (RHSA-2020:3616)
The remote Red Hat Enterprise Linux CoreOS 4 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:3616 advisory. - jenkins-script-security-plugin: sandbox protection bypass leads to execute arbitrary code in sandboxed scripts CVE-2019-16538 -...
jenkins-plugin/workflow-cps: Lack of Approval Check for Rebuilt Jenkins Pipelines
A flaw was found in the Jenkins Pipeline: Groovy Plugin jenkins-plugin/workflow-cps. This vulnerability allows attackers with Item/Build permission to rebuild a previous build whose main Jenkinsfile script is no longer approved, bypassing script approval checks via the rebuild action...
CVE-2024-52550
Jenkins Pipeline: Groovy Plugin 3990.vd281dd77a388 and earlier, except 3975.3977.v478dd9e956c3 does not check whether the main Jenkinsfile script for a rebuilt build is approved, allowing attackers with Item/Build permission to rebuild a previous build whose Jenkinsfile script is no longer approv...
CVE-2024-52550
Jenkins Pipeline: Groovy Plugin 3990.vd281dd77a388 and earlier, except 3975.3977.v478dd9e956c3 does not check whether the main Jenkinsfile script for a rebuilt build is approved, allowing attackers with Item/Build permission to rebuild a previous build whose Jenkinsfile script is no longer approv...
CVE-2024-52550
CVE-2024-52550 affects Jenkins Pipeline: Workflow CPS (and related Jenkins Pipeline/Groovy stack) where there is a lack of approval check for rebuilt Jenkins pipelines. The issue allows users with Item/Build permissions to rebuild a previous build whose Jenkinsfile is no longer approved. A PoC/ex...
Jenkins Pipeline Groovy Plugin 安全漏洞
Jenkins Pipeline is a set of plugins that support the implementation and integration of continuous delivery pipelines into Jenkins.Jenkins Pipeline: Groovy Plugin is vulnerable to a security feature issue that could be exploited by an attacker to load any Groovy source file on the class path of...
PT-2022-17115 · Jenkins · Jenkins Pipeline: Groovy Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Pipeline: Groovy Plugin versions 2648.va9433432b33c and earlier Description: The issue allows attackers who can configure Pipelines to read arbitrary files on the Jenkins controller file system. This is because the plugin follows...
PT-2022-17112 · Jenkins · Jenkins Pipeline: Groovy Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Pipeline: Groovy Plugin versions 2648.va9433432b33c and earlier Jenkins Pipeline: Groovy Plugin prior to 2656.vf7a e7b 75a 457 Jenkins Pipeline: Groovy Plugin version 2.94.1 Jenkins Pipeline: Groovy Plugin version 2.92.1 Description:...
jenkins-pipeline-groovy-plugin: sandbox protection bypass through default parameter expressions in CPS-transformed methods
Sandbox protection in Jenkins Pipeline: Groovy Plugin 2.78 and earlier can be circumvented through default parameter expressions in CPS-transformed methods...
PT-2019-2579 · Jenkins · Jenkins Pipeline: Groovy Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Pipeline: Groovy Plugin versions 2.64 and earlier Description: The issue is related to a sandbox bypass vulnerability in the Jenkins Pipeline: Groovy Plugin, which is associated with incorrect type conversion. This allows attackers to...
CloudBees Jenkins Pipeline: Groovy Plugin Remote Code Execution Vulnerability
CloudBees Jenkins Pipeline: Groovy Plugin is a U.S. CloudBees company's Java-based development of continuous integration tools in the process of building plug-ins . A remote code execution vulnerability exists in CloudBees Jenkins Pipeline: Groovy Plugin versions 2.36 and earlier. A remote attack...