Lucene search
K

7 matches found

Cvelist
Cvelist
added 2026/06/24 1:20 p.m.31 views

CVE-2026-57280

Jenkins Script Security Plugin 1402.v94c9ce464861 and earlier does not intercept the implicit type casts applied to the elements of typed for-each loops in sandboxed Groovy scripts, allowing attackers able to provide such scripts to invoke arbitrary constructors and bypass the sandbox protection...

0.00372EPSS
Exploits0References1
CVE
CVE
added 2026/06/24 1:20 p.m.33 views

CVE-2026-57280

The CVE-2026-57280 affects Jenkins Script Security Plugin (versions up to and including 1402.v94c9ce464861). The issue is that sandboxed Groovy scripts do not intercept implicit type casts in elements of typed for-each loops, which can allow a user-supplied script to invoke arbitrary constructors...

8.8CVSS6AI score0.00372EPSS
Exploits0References1Affected Software1
Veracode
Veracode
added 2025/12/13 4:21 a.m.9 views

Cross-site Request Forgery (CSRF)

jp.ikedam.jenkins.plugins, extensible-choice-parameter is vulnerable to cross-site request forgery CSRF. The vulnerability is due to insufficient request validation, which allows an attacker to execute sandboxed Groovy code by tricking a user into performing unintended actions...

5.4CVSS5.8AI score0.00236EPSS
Exploits0References3Affected Software1
RedhatCVE
RedhatCVE
added 2025/10/30 2:13 p.m.4 views

CVE-2025-64133

A cross-site request forgery CSRF vulnerability in Jenkins Extensible Choice Parameter Plugin 239.v5f5c278708cf and earlier allows attackers to execute sandboxed Groovy code...

5.4CVSS6.9AI score0.00236EPSS
Exploits0References1
NVD
NVD
added 2025/10/29 2:15 p.m.3 views

CVE-2025-64133

A cross-site request forgery CSRF vulnerability in Jenkins Extensible Choice Parameter Plugin 239.v5f5c278708cf and earlier allows attackers to execute sandboxed Groovy code...

5.4CVSS0.00236EPSS
Exploits0References2
AlpineLinux
AlpineLinux
added 2025/10/29 1:29 p.m.4 views

CVE-2025-64133

A cross-site request forgery CSRF vulnerability in Jenkins Extensible Choice Parameter Plugin 239.v5f5c278708cf and earlier allows attackers to execute sandboxed Groovy code...

5.4CVSS7.1AI score0.00236EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/10/29 12:0 a.m.6 views

Jenkins Extensible Choice Parameter Plugin 安全漏洞

Jenkins Extensible Choice Parameter Plugin is an open source parameter building plugin for Jenkins. A security vulnerability exists in Jenkins Extensible Choice Parameter Plugin 239.v5f5c278708cf and prior versions, which stems from vulnerability to a cross-site request forgery attack that could...

5.4CVSS6.6AI score0.00236EPSS
Exploits0References2
Rows per page
Query Builder