CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

92 matches found

RedHat Linux•added 2023/05/17 5:53 p.m.•5 views

jenkins-plugin/script-security: Sandbox bypass vulnerabilities in Jenkins Script Security Plugin

A sandbox bypass vulnerability was found in several Jenkins plugins. This could allow an authenticated attacker to execute arbitrary code within the Jenkins JVM controller. Exploitation could be achieved by crafting untrusted libraries or pipelines, compromising the integrity, availability, and...

9.9CVSS7.6AI score0.00229EPSS

Exploits0References5

RedHat Linux•added 2023/03/06 9:1 a.m.•5 views

jenkins-plugin/script-security: Sandbox bypass vulnerabilities in Jenkins Script Security Plugin

9.9CVSS7.6AI score0.00302EPSS

Exploits0References5

SUSE CVE•added 2023/02/15 4:8 a.m.•1 views

SUSE CVE-2019-16538

A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.67 and earlier related to the handling of default parameter expressions in closures allowed attackers to execute arbitrary code in sandboxed scripts...

8.8CVSS8.8AI score0.00176EPSS

Exploits0References3

RedHat Linux•added 2023/02/08 6:41 p.m.•3 views

jenkins-plugin/script-security: Sandbox bypass vulnerabilities in Jenkins Script Security Plugin

9.9CVSS7.6AI score0.00302EPSS

Exploits0References5

RedHat Linux•added 2023/02/08 6:41 p.m.•4 views

plugin: CSRF vulnerability in Script Security Plugin

A cross-site request forgery CSRF vulnerability in Jenkins Script Security Plugin 1158.v7c1b73a69a08 and earlier allows attackers to have Jenkins send an HTTP request to an attacker-specified webserver...

4.3CVSS5.7AI score0.00104EPSS

Exploits0References5

NVD•added 2023/01/26 9:18 p.m.•10 views

CVE-2023-24422

A sandbox bypass vulnerability involving map constructors in Jenkins Script Security Plugin 1228.vd93135a2fb25 and earlier allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary code in the context of the...

8.8CVSS9.4AI score0.00039EPSS

Exploits0References1

Prion•added 2023/01/26 9:18 p.m.•31 views

Security feature bypass

4.3CVSS9.3AI score0.00039EPSS

Exploits0References1Affected Software1

OSV•added 2022/11/15 8:15 p.m.•27 views

CVE-2022-45379

Jenkins Script Security Plugin 1189.vbab7c8fd5fde and earlier stores whole-script approvals as the SHA-1 hash of the script, making it vulnerable to collision attacks...

7.5CVSS7.4AI score

Exploits0References2

ATTACKERKB•added 2022/11/15 8:15 p.m.•2 views

CVE-2022-45379

Jenkins Script Security Plugin 1189.vbab7c8fd5fde and earlier stores whole-script approvals as the SHA-1 hash of the script, making it vulnerable to collision attacks...

7.5CVSS7.1AI score0.00362EPSS

Exploits0References3

ATTACKERKB•added 2022/10/19 4:15 p.m.•2 views

CVE-2022-43404

A sandbox bypass vulnerability involving crafted constructor bodies and calls to sandbox-generated synthetic constructors in Jenkins Script Security Plugin 1183.v774b0b0aa451 and earlier allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandb...

9.9CVSS6.1AI score0.00186EPSS

Exploits0References4

ATTACKERKB•added 2022/10/19 4:15 p.m.•2 views

CVE-2022-43401

A sandbox bypass vulnerability involving various casts performed implicitly by the Groovy language runtime in Jenkins Script Security Plugin 1183.v774b0b0aa451 and earlier allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection a...

9.9CVSS6.1AI score0.00229EPSS

Exploits0References4

Prion•added 2022/10/19 4:15 p.m.•36 views

Security feature bypass

6.5CVSS9.5AI score0.00229EPSS

Exploits0References2Affected Software1

Positive Technologies•added 2022/10/19 12:0 a.m.•2 views

PT-2022-26885 · Jenkins · Jenkins Script Security Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Script Security Plugin versions 1183.v774b 0b 0a a 451 and earlier Description: A sandbox bypass issue involving implicit casts by the Groovy language runtime allows attackers with permission to define and run sandboxed scripts to...

9.9CVSS9.5AI score0.00229EPSS

Exploits0References7

RedhatCVE•added 2022/08/19 4:38 a.m.•52 views

CVE-2022-30946

4.3CVSS1.7AI score0.00104EPSS

Exploits0References4

OSV•added 2022/05/24 5:29 p.m.•2 views

GHSA-CCR8-4XR7-CGJ3 Sandbox bypass vulnerability in Jenkins Script Security Plugin

Jenkins Script Security Plugin provides a sandbox feature that allows low privileged users to define scripts, including Pipelines, that are generally safe to execute. Calls to code defined inside a sandboxed script are intercepted, and various allowlists are checked to determine whether the call ...

9.9CVSS6.2AI score0.00285EPSS

Exploits0References6

Github Security Blog•added 2022/05/24 4:55 p.m.•17 views

Sandbox bypass vulnerability in Script Security Plugin

A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.62 and earlier related to the handling of method names in method call expressions allowed attackers to execute arbitrary code in sandboxed scripts...

4.9CVSS7.8AI score0.00162EPSS

Exploits0References5Affected Software1

OSV•added 2022/05/24 4:51 p.m.•0 views

GHSA-P56J-X44H-G66J Incorrect Privilege Assignment in Jenkins Script Security Plugin

A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.61 and earlier related to the handling of type casts allowed attackers to execute arbitrary code in sandboxed scripts...

8.8CVSS6.2AI score0.00041EPSS

Exploits0References8

OSV•added 2022/05/17 3:15 p.m.•16 views

CVE-2022-30946

4.3CVSS6.6AI score

Exploits0References2

ATTACKERKB•added 2022/05/17 3:15 p.m.•2 views

CVE-2022-30946

4.3CVSS6.4AI score0.00104EPSS

Exploits0References3

Github Security Blog•added 2022/05/13 1:15 a.m.•40 views

Protection Mechanism Failure in Jenkins Script Security Plugin

A sandbox bypass vulnerability exists in Script Security Plugin 1.49 and earlier in src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/GroovySandbox.java that allows attackers with the ability to provide sandboxed scripts to execute arbitrary code on the Jenkins master JVM...

8.8CVSS5.2AI score0.94443EPSS

Exploits15References10Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by