GHSA-784J-H234-M56X Protection Mechanism Failure in Jenkins Script Security Plugin
A sandbox bypass vulnerability exists in Script Security Plugin 1.49 and earlier in src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/GroovySandbox.java that allows attackers with the ability to provide sandboxed scripts to execute arbitrary code on the Jenkins master JVM...
VulnCheck KEV: CVE-2019-1003029
Jenkins Script Security Plugin contains a protection mechanism failure, allowing an attacker to bypass the sandbox...
jenkins-script-security-plugin: sandbox protection bypass during script compilation phase by applying AST transforming annotations
Sandbox protection in Jenkins Script Security Plugin 1.69 and earlier could be circumvented during the script compilation phase by applying AST transforming annotations to imports or by using them inside of other annotations...
jenkins-script-security-plugin: sandbox protection bypass leads to execute arbitrary code in sandboxed scripts
A sandbox bypass flaw related to the handling of closure default parameter expressions was found in the Jenkins Script Security Plugin versions 1.67 and earlier. This flaw allows attackers to execute arbitrary code in sandboxed scripts...
CVE-2019-1003005
A flaw was found in the Jenkins Script Security plugin through version 1.50. The fix for CVE-2019-1003000 was found to be incomplete. Script Security sandbox protection could be circumvented during the script compilation phase by applying AST transforming annotations such as @Grab to source code...
CVE-2020-2110
Sandbox protection in Jenkins Script Security Plugin 1.69 and earlier could be circumvented during the script compilation phase by applying AST transforming annotations to imports or by using them inside of other annotations...
PT-2020-15343 · Jenkins · Jenkins Script Security Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Script Security Plugin versions 1.70 and earlier. Description: The sandbox protection in the Jenkins Script Security Plugin could be circumvented through crafted constructor calls and bodies, as well as crafted method calls on objects...
jenkins-script-security-plugin: handling of subexpressions in increment and decrement expressions not involving actual assignment allowed attackers to execute arbitrary code in sandboxed scripts
A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.62 and earlier related to the handling of subexpressions in increment and decrement expressions not involving actual assignment allowed attackers to execute arbitrary code in sandboxed scripts...
Security feature bypass
A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.67 and earlier related to the handling of default parameter expressions in closures allowed attackers to execute arbitrary code in sandboxed scripts...
CloudBees Jenkins Script Security Plugin Information Disclosure Vulnerability
CloudBees Jenkins (Hudson Labs) is a set of Java-based continuous integration tools from the United States company CloudBees. The product is mainly used to monitor continuous software version releases, test projects and some timed tasks. Dependency Graph Viewer Plugin is used in whic...
PT-2019-11794 · Jenkins · Jenkins Script Security Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Script Security Plugin versions 1.62 and earlier. Description: A sandbox bypass issue related to the handling of subexpressions in increment and decrement expressions not involving actual assignment allows attackers to execute arbitrar...
jenkins-plugin-script-security: Sandbox bypass through method pointer expressions in Script Security Plugin
A flaw was found in the Jenkins Script Security plugin. Sandbox protection could be circumvented through crafted subexpressions used as arguments to method pointer expressions. This allows attackers with the ability to specify sandboxed scripts to execute arbitrary code in the context of the Jenkins...
The vulnerability of the Jenkins Script Security plugin, related to data processing errors, allows a hacker to execute arbitrary code.
The vulnerability of the Jenkins Script Security plugin is related to data processing errors. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...
Security feature bypass
A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.61 and earlier related to the handling of method pointer expressions allowed attackers to execute arbitrary code in sandboxed scripts...
CVE-2019-10356
A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.61 and earlier related to the handling of method pointer expressions allowed attackers to execute arbitrary code in sandboxed scripts...
The vulnerability of the Jenkins Script Security plugin, related to incorrect type conversion, allows attackers to invoke arbitrary constructs.
The vulnerability of the Jenkins Script Security plugin is related to incorrect type conversion. Exploiting this vulnerability allows a malicious actor to trigger arbitrary constructs remotely...
Sandbox Protection Bypass
Jenkins Script Security Plugin is vulnerable to sandbox protection bypass attacks. The flaw exists in RejectASTTransformsCustomizer.java, which allows attackers with Overall/Read permission to provide a Groovy script to an HTTP endpoint that could result in arbitrary code execution on the Jenkins...
jenkins-plugin-script-security: Sandbox Bypass in Script Security Plugin (SECURITY-1320)
A flaw was found in the Jenkins script security sandbox. The previously implemented script security sandbox protections prohibiting the use of unsafe AST transforming annotations such as @Grab could be circumvented through use of various Groovy language features including the use of...
CVE-2019-1003040
A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.55 and earlier allows attackers to invoke arbitrary constructors in sandboxed scripts...