Lucene search
K

94 matches found

Github Security Blog
Github Security Blog
added 2022/05/24 4:55 p.m.18 views

Sandbox bypass vulnerability in Script Security Plugin

A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.62 and earlier related to the handling of method names in method call expressions allowed attackers to execute arbitrary code in sandboxed scripts...

4.9CVSS7.8AI score0.01047EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2022/05/24 4:51 p.m.1 views

GHSA-P56J-X44H-G66J Incorrect Privilege Assignment in Jenkins Script Security Plugin

A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.61 and earlier related to the handling of type casts allowed attackers to execute arbitrary code in sandboxed scripts...

8.8CVSS6.2AI score0.025EPSS
Exploits0References8
OSV
OSV
added 2022/05/17 3:15 p.m.21 views

CVE-2022-30946

A cross-site request forgery CSRF vulnerability in Jenkins Script Security Plugin 1158.v7c1b73a69a08 and earlier allows attackers to have Jenkins send an HTTP request to an attacker-specified webserver...

4.3CVSS6.6AI score
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2022/05/17 3:15 p.m.3 views

CVE-2022-30946

A cross-site request forgery CSRF vulnerability in Jenkins Script Security Plugin 1158.v7c1b73a69a08 and earlier allows attackers to have Jenkins send an HTTP request to an attacker-specified webserver...

4.3CVSS6.4AI score0.00572EPSS
Exploits0References3
OSV
OSV
added 2022/05/13 1:15 a.m.9 views

GHSA-784J-H234-M56X Protection Mechanism Failure in Jenkins Script Security Plugin

A sandbox bypass vulnerability exists in Script Security Plugin 1.49 and earlier in src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/GroovySandbox.java that allows attackers with the ability to provide sandboxed scripts to execute arbitrary code on the Jenkins master JVM...

8.8CVSS7.2AI score0.98428EPSS
Exploits15References9
Github Security Blog
Github Security Blog
added 2022/05/13 1:15 a.m.40 views

Protection Mechanism Failure in Jenkins Script Security Plugin

A sandbox bypass vulnerability exists in Script Security Plugin 1.49 and earlier in src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/GroovySandbox.java that allows attackers with the ability to provide sandboxed scripts to execute arbitrary code on the Jenkins master JVM...

8.8CVSS5.2AI score0.98428EPSS
Exploits15References10Affected Software1
VulnCheck KEV
VulnCheck KEV
added 2021/10/13 12:0 a.m.3 views

VulnCheck KEV: CVE-2019-1003029

Jenkins Script Security Plugin contains a protection mechanism failure, allowing an attacker to bypass the sandbox...

9.9CVSS7.4AI score0.73854EPSS
Exploits3References1
RedHat Linux
RedHat Linux
added 2020/06/29 2:37 p.m.4 views

jenkins-script-security-plugin: sandbox protection bypass during script compilation phase by applying AST transforming annotations

Sandbox protection in Jenkins Script Security Plugin 1.69 and earlier could be circumvented during the script compilation phase by applying AST transforming annotations to imports or by using them inside of other annotations...

8.8CVSS5.8AI score0.01267EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2020/06/17 10:38 p.m.4 views

jenkins-script-security-plugin: sandbox protection bypass leads to execute arbitrary code in sandboxed scripts

A sandbox bypass flaw was found in the Jenkins Script Security Plugin versions 1.67 and earlier, that are related to the handling of closure default parameter expressions. This flaw allows attackers to execute arbitrary code in sandboxed scripts...

8.8CVSS6.1AI score0.01428EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2020/04/09 10:33 a.m.35 views

CVE-2019-1003005

A flaw was found in the Jenkins Script Security plugin through version 1.50. The fix for CVE-2019-1003000 was found to be incomplete. Script Security sandbox protection could be circumvented during the script compilation phase by applying AST transforming annotations such as @Grab to source code...

8.8CVSS0.9AI score0.98428EPSS
Exploits17References4
RedhatCVE
RedhatCVE
added 2020/03/31 8:47 a.m.28 views

CVE-2020-2110

Sandbox protection in Jenkins Script Security Plugin 1.69 and earlier could be circumvented during the script compilation phase by applying AST transforming annotations to imports or by using them inside of other annotations...

8.8CVSS0.9AI score0.01267EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2020/03/09 12:0 a.m.6 views

PT-2020-15343 · Jenkins · Jenkins Script Security Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Script Security Plugin versions 1.70 and earlier Description: The sandbox protection in the Jenkins Script Security Plugin could be circumvented through crafted constructor calls and bodies, as well as crafted method calls on objects...

8.8CVSS8.9AI score0.01006EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2019/12/17 2:18 a.m.4 views

jenkins-script-security-plugin: handling of subexpressions in increment and decrement expressions not involving actual assignment allowed attackers to execute arbitrary code in sandboxed scripts

A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.62 and earlier related to the handling of subexpressions in increment and decrement expressions not involving actual assignment allowed attackers to execute arbitrary code in sandboxed scripts...

4.9CVSS6.2AI score0.01047EPSS
Exploits0References5
Prion
Prion
added 2019/11/21 3:15 p.m.22 views

Security feature bypass

A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.67 and earlier related to the handling of default parameter expressions in closures allowed attackers to execute arbitrary code in sandboxed scripts...

6.5CVSS8.9AI score0.01428EPSS
Exploits0References2Affected Software1
CNVD
CNVD
added 2019/10/12 12:0 a.m.0 views

CloudBees Jenkins Script Security Plugin Information Disclosure Vulnerability

CloudBees Jenkins Hudson Labs is the United States CloudBees company's set of Java-based development of continuous integration tools. The product is mainly used to monitor the continuous software version release , test projects and some timed tasks . Dependency Graph Viewer Plugin is used in whic...

9.9CVSS6.5AI score0.02698EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2019/09/04 7:18 a.m.3 views

jenkins-plugin-script-security: Sandbox bypass through method pointer expressions in Script Security Plugin

A flaw was found in the Jenkins Script Security plugin. Sandbox protection could be circumvented through crafted subexpressions used as arguments to method pointer expressions. This allows attackers the ability to specify sandboxed scripts to execute arbitrary code in the context of the Jenkins...

8.8CVSS6.1AI score0.025EPSS
Exploits0References5
BDU FSTEC
BDU FSTEC
added 2019/08/13 12:0 a.m.8 views

The vulnerability of the Jenkins Script Security plugin, related to data processing errors, allows a hacker to execute arbitrary code.

The vulnerability of the Jenkins Script Security plugin is related to data processing errors. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...

9CVSS5.9AI score0.025EPSS
Exploits0References3Affected Software1
Prion
Prion
added 2019/07/31 1:15 p.m.27 views

Security feature bypass

A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.61 and earlier related to the handling of method pointer expressions allowed attackers to execute arbitrary code in sandboxed scripts...

6.5CVSS8.9AI score0.025EPSS
Exploits0References5Affected Software2
Cvelist
Cvelist
added 2019/07/31 12:45 p.m.55 views

CVE-2019-10356

A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.61 and earlier related to the handling of method pointer expressions allowed attackers to execute arbitrary code in sandboxed scripts...

8.9AI score0.025EPSS
Exploits0References5
BDU FSTEC
BDU FSTEC
added 2019/07/11 12:0 a.m.7 views

The vulnerability of the Jenkins Script Security plugin, related to incorrect type conversion, allows attackers to invoke arbitrary constructs.

The vulnerability of the Jenkins Script Security plugin is related to incorrect type conversion. Exploiting this vulnerability allows a malicious actor to trigger arbitrary constructs remotely...

10CVSS5.6AI score0.03366EPSS
Exploits0References5Affected Software2
Rows per page
Query Builder