Lucene search
K

94 matches found

ATTACKERKB
ATTACKERKB
added 2026/06/24 1:20 p.m.6 views

CVE-2026-57281

Jenkins Script Security Plugin 1402.v94c9ce464861 and earlier does not reject Groovy AST transformation annotations carrying an extensions member, allowing attackers able to run sandboxed Groovy scripts to execute code outside the sandbox if a suitable script is present on the classpath of the...

8.5CVSS6AI score0.00594EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/24 1:20 p.m.6 views

CVE-2026-57281

Jenkins Script Security Plugin 1402.v94c9ce464861 and earlier does not reject Groovy AST transformation annotations carrying an extensions member, allowing attackers able to run sandboxed Groovy scripts to execute code outside the sandbox if a suitable script is present on the classpath of the...

6AI score0.00594EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/24 1:20 p.m.7 views

EUVD-2026-38761

Jenkins Script Security Plugin 1402.v94c9ce464861 and earlier does not reject Groovy AST transformation annotations carrying an extensions member, allowing attackers able to run sandboxed Groovy scripts to execute code outside the sandbox if a suitable script is present on the classpath of the...

7.5CVSS6AI score0.00594EPSS
Exploits0References1
CVE
CVE
added 2026/06/24 1:20 p.m.31 views

CVE-2026-57280

The CVE-2026-57280 affects Jenkins Script Security Plugin (versions up to and including 1402.v94c9ce464861). The issue is that sandboxed Groovy scripts do not intercept implicit type casts in elements of typed for-each loops, which can allow a user-supplied script to invoke arbitrary constructors...

8.8CVSS6AI score0.00372EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2026/06/24 1:20 p.m.23 views

CVE-2026-57281

CVE-2026-57281 affects Jenkins Script Security Plugin 1402.v94c9ce464861 and earlier. The root cause is that the plugin does not reject Groovy AST transformation annotations carrying an extensions member, which can allow attackers to run sandboxed Groovy scripts to execute code outside the sandbo...

8.5CVSS6AI score0.00594EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.14 views

PT-2026-51790

Name of the Vulnerable Software and Affected Versions Jenkins Script Security Plugin versions prior to 1402.v94c9ce464861 Description Sandboxed Groovy scripts fail to intercept implicit type casts applied to elements of typed for-each loops. This allows attackers who can provide such scripts to...

8.8CVSS5.9AI score0.00372EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/05/06 12:0 a.m.9 views

RHCOS 3 : OpenShift Container Platform 3.11 jenkins-2-plugins (RHSA-2019:4055)

The remote Red Hat Enterprise Linux CoreOS 3 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2019:4055 advisory. - jenkins-script-security-plugin: handling of method names in method call expressions allowed attackers to execute arbitrary code in...

9.9CVSS6.2AI score0.02698EPSS
Exploits0References10
Tenable Nessus
Tenable Nessus
added 2026/05/06 12:0 a.m.10 views

RHCOS 4 : OpenShift Container Platform 4.3.35 jenkins-2-plugins (RHSA-2020:3616)

The remote Red Hat Enterprise Linux CoreOS 4 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:3616 advisory. - jenkins-script-security-plugin: sandbox protection bypass leads to execute arbitrary code in sandboxed scripts CVE-2019-16538 -...

8.8CVSS6.2AI score0.01428EPSS
Exploits0References16
Tenable Nessus
Tenable Nessus
added 2026/05/06 12:0 a.m.7 views

RHCOS 4 : OpenShift Container Platform 4.2 jenkins-2-plugins (RHSA-2019:4097)

The remote Red Hat Enterprise Linux CoreOS 4 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2019:4097 advisory. - jenkins-script-security-plugin: handling of method names in method call expressions allowed attackers to execute arbitrary code in...

9.9CVSS6.2AI score0.02698EPSS
Exploits0References10
Tenable Nessus
Tenable Nessus
added 2026/05/06 12:0 a.m.9 views

RHCOS 4 : OpenShift Container Platform 4.1 jenkins-2-plugins (RHSA-2019:4089)

The remote Red Hat Enterprise Linux CoreOS 4 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2019:4089 advisory. - jenkins-script-security-plugin: handling of method names in method call expressions allowed attackers to execute arbitrary code in...

9.9CVSS6.2AI score0.02698EPSS
Exploits0References10
Tenable Nessus
Tenable Nessus
added 2026/05/04 12:0 a.m.6 views

RHCOS 3 : Red Hat OpenShift Container Platform 3.11 jenkins-2-plugins (RHSA-2019:0739)

The remote Red Hat Enterprise Linux CoreOS 3 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2019:0739 advisory. - jenkins-plugin-script-security: Sandbox Bypass in Script Security Plugin SECURITY-1292 CVE-2019-1003005 -...

9.9CVSS6AI score0.75594EPSS
Exploits6References14
Github Security Blog
Github Security Blog
added 2026/04/29 3:30 p.m.23 views

Jenkins Script Security Plugin: Missing permission checks allow enumeration of pending and approved classpaths

Jenkins Script Security Plugin versions 1399.ve6a66547f6e1 and earlier do not perform a permission check in an HTTP endpoint. This allows attackers with Overall/Read permission to enumerate pending and approved Script Security classpaths. Script Security Plugin 1402.v94c9ce464861 requires...

4.3CVSS5.8AI score0.00174EPSS
Exploits0References3Affected Software1
CNNVD
CNNVD
added 2026/04/29 12:0 a.m.10 views

Jenkins Script Security Plugin 安全漏洞

The Jenkins Script Security Plugin is an open-source plugin developed by Jenkins that provides security controls and permission checks for automated script execution. The Jenkins Script Security Plugin versions 1399.ve6a66547f6e1 and earlier contain security vulnerabilities. These vulnerabilities...

4.3CVSS5.8AI score0.00174EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2016-4157

Malware in sbrugna...

7.5CVSS7.3AI score0.01755EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.27 views

EUVD-2022-2927

Malicious code in bioql PyPI...

4.9CVSS4.7AI score0.01047EPSS
Exploits0References8
EUVD
EUVD
added 2025/10/03 8:7 p.m.33 views

EUVD-2022-4918

Malicious code in bioql PyPI...

5.4CVSS5.5AI score0.0076EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/03 8:7 p.m.8 views

EUVD-2022-5684

Malicious code in bioql PyPI...

8.8CVSS8.6AI score0.025EPSS
Exploits0References7
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-4680

Malicious code in bioql PyPI...

8.8CVSS8.6AI score0.025EPSS
Exploits0References9
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2022-3365

Malicious code in bioql PyPI...

4.9CVSS4.7AI score0.01047EPSS
Exploits0References8
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-4221

Malicious code in bioql PyPI...

4.9CVSS4.7AI score0.01047EPSS
Exploits0References8
Rows per page
Query Builder