91 matches found
CVE-2026-57281
Jenkins Script Security Plugin 1402.v94c9ce464861 and earlier does not reject Groovy AST transformation annotations carrying an extensions member, allowing attackers able to run sandboxed Groovy scripts to execute code outside the sandbox if a suitable script is present on the classpath of the...
CVE-2026-57280
Jenkins Script Security Plugin 1402.v94c9ce464861 and earlier does not intercept the implicit type casts applied to the elements of typed for-each loops in sandboxed Groovy scripts, allowing attackers able to provide such scripts to invoke arbitrary constructors and bypass the sandbox protection...
EUVD-2026-38761
Jenkins Script Security Plugin 1402.v94c9ce464861 and earlier does not reject Groovy AST transformation annotations carrying an extensions member, allowing attackers able to run sandboxed Groovy scripts to execute code outside the sandbox if a suitable script is present on the classpath of the...
RHCOS 4 : OpenShift Container Platform 4.1 jenkins-2-plugins (RHSA-2019:4089)
The remote Red Hat Enterprise Linux CoreOS 4 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2019:4089 advisory. - jenkins-script-security-plugin: handling of method names in method call expressions allowed attackers to execute arbitrary code in...
RHCOS 4 : OpenShift Container Platform 4.3.35 jenkins-2-plugins (RHSA-2020:3616)
The remote Red Hat Enterprise Linux CoreOS 4 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:3616 advisory. - jenkins-script-security-plugin: sandbox protection bypass leads to execute arbitrary code in sandboxed scripts CVE-2019-16538 -...
RHCOS 3 : OpenShift Container Platform 3.11 jenkins-2-plugins (RHSA-2019:4055)
The remote Red Hat Enterprise Linux CoreOS 3 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2019:4055 advisory. - jenkins-script-security-plugin: handling of method names in method call expressions allowed attackers to execute arbitrary code in...
RHCOS 4 : OpenShift Container Platform 4.2 jenkins-2-plugins (RHSA-2019:4097)
The remote Red Hat Enterprise Linux CoreOS 4 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2019:4097 advisory. - jenkins-script-security-plugin: handling of method names in method call expressions allowed attackers to execute arbitrary code in...
RHCOS 3 : Red Hat OpenShift Container Platform 3.11 jenkins-2-plugins (RHSA-2019:0739)
The remote Red Hat Enterprise Linux CoreOS 3 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2019:0739 advisory. - jenkins-plugin-script-security: Sandbox Bypass in Script Security Plugin SECURITY-1292 CVE-2019-1003005 -...
Jenkins Script Security Plugin: Missing permission checks allow enumeration of pending and approved classpaths
Jenkins Script Security Plugin versions 1399.ve6a66547f6e1 and earlier do not perform a permission check in an HTTP endpoint. This allows attackers with Overall/Read permission to enumerate pending and approved Script Security classpaths. Script Security Plugin 1402.v94c9ce464861 requires...
Jenkins Script Security Plugin 安全漏洞
The Jenkins Script Security Plugin is an open-source plugin developed by Jenkins that provides security controls and permission checks for automated script execution. The Jenkins Script Security Plugin versions 1399.ve6a66547f6e1 and earlier contain security vulnerabilities. These vulnerabilities...
EUVD-2016-4157
Malware in sbrugna...
EUVD-2022-2891
Malicious code in bioql PyPI...
EUVD-2022-2690
Malicious code in bioql PyPI...
EUVD-2022-5034
Malicious code in bioql PyPI...
EUVD-2022-6986
Malicious code in bioql PyPI...
EUVD-2024-1357
Malicious code in bioql PyPI...
EUVD-2022-2227
Malicious code in bioql PyPI...
EUVD-2022-4221
Malicious code in bioql PyPI...
EUVD-2022-2927
Malicious code in bioql PyPI...
EUVD-2022-5037
Malicious code in bioql PyPI...