56 matches found

NVD
added 2026/06/24 2:17 p.m. · 12 views

CVE-2026-57283

A cross-site request forgery (CSRF) vulnerability in Jenkins Pipeline: Groovy Plugin 4331.v9d06ed4658ff and earlier allows attackers to instantiate types related to job or system configuration other than Pipeline steps through the Pipeline Snippet Generator...

CVSS 4.3 · EPSS 0.00158
Exploits: 0 · References: 1

Cvelist
added 2026/06/24 1:20 p.m. · 31 views

CVE-2026-57284

Jenkins Pipeline: Groovy Plugin 4331.v9d06ed4658ff and earlier does not restrict the types that can be instantiated through the Pipeline Snippet Generator, allowing attackers to instantiate types related to job or system configuration other than Pipeline steps...

EPSS 0.00275
Exploits: 0 · References: 1

EUVD
added 2026/06/24 1:20 p.m. · 7 views

EUVD-2026-38764

Jenkins Pipeline: Groovy Plugin 4331.v9d06ed4658ff and earlier does not restrict the types that can be instantiated through the Pipeline Snippet Generator, allowing attackers to instantiate types related to job or system configuration other than Pipeline steps...

CVSS 4.3 · AI score 5.9 · EPSS 0.00275
Exploits: 0 · References: 1

CVE
added 2026/06/24 1:20 p.m. · 22 views

CVE-2026-57284

CVE-2026-57284 affects Jenkins Pipeline: Groovy Plugin 4331.v9d06ed4658ff and earlier. The vulnerability arises because the Pipeline Snippet Generator does not restrict the types that can be instantiated, potentially allowing an attacker to instantiate types related to job or system configuration...

CVSS 4.3 · AI score 5.9 · EPSS 0.00275
Exploits: 0 · References: 1 · Affected Software: 1

EUVD
added 2026/06/24 1:20 p.m. · 7 views

EUVD-2026-38763

A cross-site request forgery (CSRF) vulnerability in Jenkins Pipeline: Groovy Plugin 4331.v9d06ed4658ff and earlier allows attackers to instantiate types related to job or system configuration other than Pipeline steps through the Pipeline Snippet Generator...

CVSS 4.3 · AI score 5.8 · EPSS 0.00158
Exploits: 0 · References: 1

ATTACKERKB
added 2026/06/24 1:20 p.m. · 5 views

CVE-2026-57283

A cross-site request forgery (CSRF) vulnerability in Jenkins Pipeline: Groovy Plugin 4331.v9d06ed4658ff and earlier allows attackers to instantiate types related to job or system configuration other than Pipeline steps through the Pipeline Snippet Generator...

CVSS 4.3 · AI score 5.8 · EPSS 0.00158
Exploits: 0 · References: 2

Positive Technologies
added 2026/06/24 12:0 a.m. · 5 views

PT-2026-51793

Name of the Vulnerable Software and Affected Versions: Jenkins Pipeline: Groovy Plugin versions prior to 4331.v9d06ed4658ff Description: A cross-site request forgery (CSRF) issue exists in the Pipeline Snippet Generator. This flaw allows attackers to instantiate types related to system configuration ...

CVSS 4.3 · AI score 5.7 · EPSS 0.00158
Exploits: 0 · References: 3

Tenable Nessus
added 2026/06/24 12:0 a.m. · 5 views

Jenkins plugins Multiple Vulnerabilities (2026-06-24)

According to their self-reported version numbers, the version of Jenkins plugins running on the remote web server are affected by multiple vulnerabilities: - Jenkins OWASP ZAP Plugin 1.0.7 and earlier performs build operations on the Jenkins controller rather than the assigned agent, allowing...

CVSS 8.8 · AI score 6.3 · EPSS 0.00595
Exploits: 0 · References: 29

Tenable Nessus
added 2026/05/06 12:0 a.m. · 13 views

RHCOS 3 : OpenShift Container Platform 3.11 jenkins-2-plugins (RHSA-2020:2478)

The remote Red Hat Enterprise Linux CoreOS 3 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:2478 advisory. - jenkins-git-client-plugin: OS command injection via 'git ls-remote' CVE-2019-10392 - jenkins-script-security-plugin: sandbox...

CVSS 8.8 · AI score 6.2 · EPSS 0.25779
Exploits: 1 · References: 18

Tenable Nessus
added 2026/05/04 12:0 a.m. · 5 views

RHCOS 3 : Red Hat OpenShift Container Platform 3.11 jenkins-2-plugins (RHSA-2019:0739)

The remote Red Hat Enterprise Linux CoreOS 3 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2019:0739 advisory. - jenkins-plugin-script-security: Sandbox Bypass in Script Security Plugin SECURITY-1292 CVE-2019-1003005 -...

CVSS 9.9 · AI score 6 · EPSS 0.75594
Exploits: 6 · References: 14

EUVD
added 2025/10/03 8:7 p.m. · 8 views

EUVD-2022-3993

Malicious code in bioql PyPI...

CVSS 8.8 · AI score 6.6 · EPSS 0.01639
Exploits: 0 · References: 7

CVE
added 2024/11/13 8:53 p.m. · 117 views

CVE-2024-52550

CVE-2024-52550 affects Jenkins Pipeline: Workflow CPS (and related Jenkins Pipeline/Groovy stack) where there is a lack of approval check for rebuilt Jenkins pipelines. The issue allows users with Item/Build permissions to rebuild a previous build whose Jenkinsfile is no longer approved. A PoC/ex...

CVSS 8 · AI score 6.9 · EPSS 0.0044
Exploits: 1 · References: 1 · Affected Software: 1

Positive Technologies
added 2024/11/13 12:0 a.m. · 9 views

PT-2024-35372 · Jenkins · Jenkins Pipeline: Groovy Plugin

Name of the Vulnerable Software and Affected Versions: Jenkins Pipeline: Groovy Plugin versions 3990.vd281dd77a 388 and earlier, except version 3975.3977.v478dd9e956c3 Description: The issue allows attackers with Item/Build permission to rebuild a previous build whose Jenkinsfile script is no...

CVSS 8 · AI score 6.2 · EPSS 0.0044
Exploits: 1 · References: 8

VulnCheck KEV
added 2024/04/15 12:0 a.m. · 5 views

VulnCheck KEV: CVE-2019-1003001

A sandbox bypass vulnerability exists in Pipeline: Groovy Plugin 2.61 and earlier in src/main/java/org/jenkinsci/plugins/workflow/cps/CpsFlowDefinition.java, src/main/java/org/jenkinsci/plugins/workflow/cps/CpsGroovyShellFactory.java that allows attackers with Overall/Read permission to provide a...

CVSS 8.8 · AI score 6.7 · EPSS 0.86224
Exploits: 9 · References: 1

RedHat Linux
added 2023/05/17 5:53 p.m. · 5 views

jenkins-plugin/workflow-cps: Sandbox bypass vulnerabilities in Pipeline: Groovy Plugin

A sandbox bypass vulnerability was found in several Jenkins plugins. This could allow an authenticated attacker to execute arbitrary code within the Jenkins JVM controller. Exploitation could be achieved by crafting untrusted libraries or pipelines, compromising the integrity, availability, and...

CVSS 9.9 · AI score 7.6 · EPSS 0.0116
Exploits: 0 · References: 5

RedHat Linux
added 2023/03/06 9:1 a.m. · 102 views

Critical: Red Hat Security Advisory: OpenShift Developer Tools and Services for OCP 4.12 security update

An update for Jenkins and Jenkins-2-plugins is now available for OpenShift Developer Tools and Services for OCP 4.12. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity...

CVSS 9.9 · AI score 6.7 · EPSS 0.03571
Exploits: 4 · References: 16

OSV
added 2022/10/19 7:0 p.m. · 47 views

GHSA-27RF-8MJP-R363 Sandbox bypass vulnerabilities in Jenkins Script Security Plugin and in Pipeline: Groovy Plugin

Script Security Plugin provides a sandbox feature that allows low privileged users to define scripts, including Pipelines, that are generally safe to execute. Calls to code defined inside a sandboxed script are intercepted, and various allowlists are checked to determine whether the call is to be...

CVSS 8.8 · AI score 9.9 · EPSS 0.01095
Exploits: 0 · References: 3

OSV
added 2022/10/19 7:0 p.m. · 41 views

GHSA-7VR5-72W7-Q6JC Sandbox bypass vulnerabilities in Jenkins Script Security Plugin and in Pipeline: Groovy Plugin

Script Security Plugin provides a sandbox feature that allows low privileged users to define scripts, including Pipelines, that are generally safe to execute. Calls to code defined inside a sandboxed script are intercepted, and various allowlists are checked to determine whether the call is to be...

CVSS 8.8 · AI score 9.9 · EPSS 0.01211
Exploits: 0 · References: 3

Github Security Blog
added 2022/10/19 7:0 p.m. · 40 views

Sandbox bypass vulnerabilities in Jenkins Script Security Plugin and in Pipeline: Groovy Plugin

Script Security Plugin provides a sandbox feature that allows low privileged users to define scripts, including Pipelines, that are generally safe to execute. Calls to code defined inside a sandboxed script are intercepted, and various allowlists are checked to determine whether the call is to be...

CVSS 9.9 · AI score 9.5 · EPSS 0.01428
Exploits: 0 · References: 4 · Affected Software: 2

Positive Technologies
added 2022/05/17 12:0 a.m. · 3 views

PT-2022-20399 · Jenkins · Jenkins Pipeline: Groovy Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Pipeline: Groovy Plugin versions 2689.v434009a 31b f1 and earlier Description: The issue allows loading any Groovy source files on the classpath of Jenkins and Jenkins plugins in sandboxed pipelines. This could potentially be used to...

CVSS 8.5 · AI score 8.2 · EPSS 0.01244
Exploits: 0 · References: 9