56 matches found
CVE-2026-57283
A cross-site request forgery CSRF vulnerability in Jenkins Pipeline: Groovy Plugin 4331.v9d06ed4658ff and earlier allows attackers to instantiate types related to job or system configuration other than Pipeline steps through the Pipeline Snippet Generator...
CVE-2026-57284
Jenkins Pipeline: Groovy Plugin 4331.v9d06ed4658ff and earlier does not restrict the types that can be instantiated through the Pipeline Snippet Generator, allowing attackers to instantiate types related to job or system configuration other than Pipeline steps...
EUVD-2026-38764
Jenkins Pipeline: Groovy Plugin 4331.v9d06ed4658ff and earlier does not restrict the types that can be instantiated through the Pipeline Snippet Generator, allowing attackers to instantiate types related to job or system configuration other than Pipeline steps...
CVE-2026-57284
CVE-2026-57284 affects Jenkins Pipeline: Groovy Plugin 4331.v9d06ed4658ff and earlier. The vulnerability arises because the Pipeline Snippet Generator does not restrict the types that can be instantiated, potentially allowing an attacker to instantiate types related to job or system configuration...
EUVD-2026-38763
A cross-site request forgery CSRF vulnerability in Jenkins Pipeline: Groovy Plugin 4331.v9d06ed4658ff and earlier allows attackers to instantiate types related to job or system configuration other than Pipeline steps through the Pipeline Snippet Generator...
CVE-2026-57283
A cross-site request forgery CSRF vulnerability in Jenkins Pipeline: Groovy Plugin 4331.v9d06ed4658ff and earlier allows attackers to instantiate types related to job or system configuration other than Pipeline steps through the Pipeline Snippet Generator...
PT-2026-51793
Name of the Vulnerable Software and Affected Versions Jenkins Pipeline: Groovy Plugin versions prior to 4331.v9d06ed4658ff Description A cross-site request forgery CSRF issue exists in the Pipeline Snippet Generator. This flaw allows attackers to instantiate types related to system configuration ...
Jenkins plugins Multiple Vulnerabilities (2026-06-24)
According to their self-reported version numbers, the version of Jenkins plugins running on the remote web server are affected by multiple vulnerabilities: - Jenkins OWASP ZAP Plugin 1.0.7 and earlier performs build operations on the Jenkins controller rather than the assigned agent, allowing...
RHCOS 3 : OpenShift Container Platform 3.11 jenkins-2-plugins (RHSA-2020:2478)
The remote Red Hat Enterprise Linux CoreOS 3 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:2478 advisory. - jenkins-git-client-plugin: OS command injection via 'git ls-remote' CVE-2019-10392 - jenkins-script-security-plugin: sandbox...
RHCOS 3 : Red Hat OpenShift Container Platform 3.11 jenkins-2-plugins (RHSA-2019:0739)
The remote Red Hat Enterprise Linux CoreOS 3 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2019:0739 advisory. - jenkins-plugin-script-security: Sandbox Bypass in Script Security Plugin SECURITY-1292 CVE-2019-1003005 -...
EUVD-2022-3993
Malicious code in bioql PyPI...
CVE-2024-52550
CVE-2024-52550 affects Jenkins Pipeline: Workflow CPS (and related Jenkins Pipeline/Groovy stack) where there is a lack of approval check for rebuilt Jenkins pipelines. The issue allows users with Item/Build permissions to rebuild a previous build whose Jenkinsfile is no longer approved. A PoC/ex...
PT-2024-35372 · Jenkins · Jenkins Pipeline: Groovy Plugin
Name of the Vulnerable Software and Affected Versions: Jenkins Pipeline: Groovy Plugin versions 3990.vd281dd77a 388 and earlier, except version 3975.3977.v478dd9e956c3 Description: The issue allows attackers with Item/Build permission to rebuild a previous build whose Jenkinsfile script is no...
VulnCheck KEV: CVE-2019-1003001
A sandbox bypass vulnerability exists in Pipeline: Groovy Plugin 2.61 and earlier in src/main/java/org/jenkinsci/plugins/workflow/cps/CpsFlowDefinition.java, src/main/java/org/jenkinsci/plugins/workflow/cps/CpsGroovyShellFactory.java that allows attackers with Overall/Read permission to provide a...
jenkins-plugin/workflow-cps: Sandbox bypass vulnerabilities in Pipeline: Groovy Plugin
A sandbox bypass vulnerability was found in several Jenkins plugins. This could allow an authenticated attacker to execute arbitrary code within the Jenkins JVM controller. Exploitation could be achieved by crafting untrusted libraries or pipelines, compromising the integrity, availability, and...
Critical: Red Hat Security Advisory: OpenShift Developer Tools and Services for OCP 4.12 security update
An update for Jenkins and Jenkins-2-plugins is now available for OpenShift Developer Tools and Services for OCP 4.12. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...
GHSA-27RF-8MJP-R363 Sandbox bypass vulnerabilities in Jenkins Script Security Plugin and in Pipeline: Groovy Plugin
Script Security Plugin provides a sandbox feature that allows low privileged users to define scripts, including Pipelines, that are generally safe to execute. Calls to code defined inside a sandboxed script are intercepted, and various allowlists are checked to determine whether the call is to be...
GHSA-7VR5-72W7-Q6JC Sandbox bypass vulnerabilities in Jenkins Script Security Plugin and in Pipeline: Groovy Plugin
Script Security Plugin provides a sandbox feature that allows low privileged users to define scripts, including Pipelines, that are generally safe to execute. Calls to code defined inside a sandboxed script are intercepted, and various allowlists are checked to determine whether the call is to be...
Sandbox bypass vulnerabilities in Jenkins Script Security Plugin and in Pipeline: Groovy Plugin
Script Security Plugin provides a sandbox feature that allows low privileged users to define scripts, including Pipelines, that are generally safe to execute. Calls to code defined inside a sandboxed script are intercepted, and various allowlists are checked to determine whether the call is to be...
PT-2022-20399 · Jenkins · Jenkins Pipeline: Groovy Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Pipeline: Groovy Plugin versions 2689.v434009a 31b f1 and earlier Description: The issue allows loading any Groovy source files on the classpath of Jenkins and Jenkins plugins in sandboxed pipelines. This could potentially be used to...