2 matches found
PT-2022-20402 · Jenkins · Jenkins Mercurial Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Mercurial Plugin versions 2.16 and earlier
Description: The issue allows attackers who can configure pipelines to check out some SCM repositories stored on the Jenkins controller's file system using local paths as SCM URLs. This enabl...
jenkins-plugin-workflow-cps: Arbitrary code execution due to incomplete sandbox protection (SECURITY-551)
The jenkins-plugin-script-security has incomplete sandbox protection which allows attackers to execute arbitrary code via constructors, instance variable initializers, and instance initializers in Pipeline scripts. Exploitation of this requires the attacker to have permission to configure Pipelin...