31 matches found
EUVD-2022-2192
Malicious code in bioql PyPI...
SUSE CVE-2018-1000146
An arbitrary code execution vulnerability exists in Liquibase Runner Plugin version 1.3.0 and older that allows an attacker with permission to configure jobs to load and execute arbitrary code on the Jenkins master JVM...
GHSA-XFWJ-2F34-32F5 Jenkins Groovy Plugin sandbox bypass vulnerability
A sandbox bypass vulnerability exists in Jenkins Groovy Plugin 2.0 and earlier in src/main/java/hudson/plugins/groovy/StringScriptSource.java that allows attackers with Overall/Read permission to provide a Groovy script to an HTTP endpoint that can result in arbitrary code execution on the Jenkin...
Script security sandbox bypass in Matrix Project Plugin
A sandbox bypass vulnerability exists in Jenkins Matrix Project Plugin 1.13 and earlier in pom.xml, src/main/java/hudson/matrix/FilterScript.java that allows attackers with Job/Configure permission to execute arbitrary code on the Jenkins master JVM...
GHSA-FM3J-R98G-97JH Jenkins Groovy Plugin sandbox bypass vulnerability
A sandbox bypass vulnerability exists in Jenkins Groovy Plugin 2.1 and earlier in pom.xml, src/main/java/hudson/plugins/groovy/StringScriptSource.java that allows attackers with Overall/Read permission to execute arbitrary code on the Jenkins master JVM. Groovy Plugin 2.2 uses Script Security API...
Jenkins Groovy Plugin sandbox bypass vulnerability
A sandbox bypass vulnerability exists in Jenkins Groovy Plugin 2.1 and earlier in pom.xml, src/main/java/hudson/plugins/groovy/StringScriptSource.java that allows attackers with Overall/Read permission to execute arbitrary code on the Jenkins master JVM. Groovy Plugin 2.2 uses Script Security API...
GHSA-QWM8-VGM6-F86P Script security sandbox bypass in Jenkins Email Extension Plugin
A sandbox bypass vulnerability exists in Jenkins Email Extension Plugin 2.64 and earlier in pom.xml, src/main/java/hudson/plugins/emailext/ExtendedEmailPublisher.java, src/main/java/hudson/plugins/emailext/plugins/content/EmailExtScript.java,...
Sandbox bypass in Script Security Plugin
A sandbox bypass vulnerability exists in Jenkins Script Security Plugin 1.53 and earlier in src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/GroovySandbox.java, src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/SecureGroovyScript.java that allows attackers with...
CVE-2018-1000865
A sandbox bypass vulnerability exists in Script Security Plugin 1.47 and earlier in groovy-sandbox/src/main/java/org/kohsuke/groovy/sandbox/SandboxTransformer.java that allows attackers with Job/Configure permission to execute arbitrary code on the Jenkins master JVM, if plugins using the Groovy...
Sandbox Protection Bypass
Jenkins Script Security Plugin is vulnerable to sandbox protection bypass vulnerability. This exists in the src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/SecureGroovyScript.java which allows attackers with Overall/Read permission to provide a Groovy script to an HTTP endpoint...
Sandbox Protection Bypass
Jenkins Matrix Project Plugin is vulnerable to sandbox protection bypass vulnerability. This exists in the src/main/java/hudson/matrix/FilterScript.java which allows attackers with Job/Configure permission to execute arbitrary code on the Jenkins master JVM...
Arbitrary Code Execution
Jenkins Pipeline in Groovy Plugin is vulnerable to arbitrary code execution attacks. This exists in the src/main/java/org/jenkinsci/plugins/workflow/cps/CpsGroovyShell.java which allows attackers to control pipeline scripts to execute arbitrary code on the Jenkins master JVM...
CVE-2019-10314
Jenkins Koji Plugin disables SSL/TLS and hostname verification globally for the Jenkins master JVM...
CVE-2019-10314
Jenkins Koji Plugin disables SSL/TLS and hostname verification globally for the Jenkins master JVM...
PT-2019-11716 · Jenkins · Jenkins Koji Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Koji Plugin affected versions not specified Description: The issue concerns the Jenkins Koji Plugin, which disables SSL/TLS and hostname verification globally for the Jenkins master JVM. This means the plugin unconditionally disables...
Security feature bypass
A sandbox bypass vulnerability exists in Jenkins Job DSL Plugin 1.71 and earlier in job-dsl-core/src/main/groovy/javaposse/jobdsl/dsl/AbstractDslScriptLoader.groovy, job-dsl-plugin/build.gradle, job-dsl-plugin/src/main/groovy/javaposse/jobdsl/plugin/JobDslWhitelist.groovy,...
Security feature bypass
A sandbox bypass vulnerability exists in Jenkins Script Security Plugin 1.53 and earlier in src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/GroovySandbox.java, src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/SecureGroovyScript.java that allows attackers with...
CVE-2019-1003030
A sandbox bypass vulnerability exists in Jenkins Pipeline: Groovy Plugin 2.63 and earlier in pom.xml, src/main/java/org/jenkinsci/plugins/workflow/cps/CpsGroovyShell.java that allows attackers able to control pipeline scripts to execute arbitrary code on the Jenkins master JVM...
CVE-2019-1003031
A sandbox bypass vulnerability exists in Jenkins Matrix Project Plugin 1.13 and earlier in pom.xml, src/main/java/hudson/matrix/FilterScript.java that allows attackers with Job/Configure permission to execute arbitrary code on the Jenkins master JVM...
CVE-2019-1003034
A sandbox bypass vulnerability exists in Jenkins Job DSL Plugin 1.71 and earlier in job-dsl-core/src/main/groovy/javaposse/jobdsl/dsl/AbstractDslScriptLoader.groovy, job-dsl-plugin/build.gradle, job-dsl-plugin/src/main/groovy/javaposse/jobdsl/plugin/JobDslWhitelist.groovy,...