3 matches found
Code Injection
org.jenkins-ci.plugins.workflow, puppet-enterprise-pipeline is vulnerable to code injection The vulnerability is due to unsafe values specified in the custom Script Security whitelist, which allows an attacker with the ability to execute Script Security-protected scripts to execute arbitrary code...
CloudBees Jenkins Puppet Enterprise Pipeline Plugin Input Validation Error Vulnerability
CloudBees Jenkins Hudson Labs is the United States CloudBees company's set of Java-based development of continuous integration tools. The product is mainly used to monitor the continuous software version release/testing projects and some timed tasks . Puppet Enterprise Pipeline is used in one of...
PT-2019-11852 · Puppet +1 · Jenkins Puppet Enterprise Pipeline +1
Name of the Vulnerable Software and Affected Versions: Jenkins Puppet Enterprise Pipeline versions 1.3.1 and earlier Description: The issue allows attackers to execute arbitrary code if they can execute Script Security protected scripts, due to unsafe values specified in the custom Script Securit...