252 matches found
CVE-2021-21646
The CVE-2021-21646 entry concerns the Jenkins Templating Engine Plugin, version 2.1 and earlier. The underlying issue is failure to protect pipeline configurations with the Script Security Plugin, allowing attackers with Job/Configure permission to execute arbitrary code in the Jenkins controller...
CVE-2021-21646
Jenkins Templating Engine Plugin 2.1 and earlier does not protect its pipeline configurations using Script Security Plugin, allowing attackers with Job/Configure permission to execute arbitrary code in the context of the Jenkins controller JVM...
PT-2021-14689 · Jenkins · Script Security Plugin +2
Name of the Vulnerable Software and Affected Versions: Jenkins Templating Engine Plugin versions 2.1 and earlier Description: The issue allows attackers with Job/Configure permission to execute arbitrary code in the context of the Jenkins controller JVM. This is due to the lack of protection for...
CVE-2020-2279
A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.74 and earlier allows attackers with permission to define sandboxed scripts to provide crafted return values or script binding content that can result in arbitrary code execution on the Jenkins controller JVM...
CVE-2020-2279
A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.74 and earlier allows attackers with permission to define sandboxed scripts to provide crafted return values or script binding content that can result in arbitrary code execution on the Jenkins controller JVM...
Security feature bypass
A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.74 and earlier allows attackers with permission to define sandboxed scripts to provide crafted return values or script binding content that can result in arbitrary code execution on the Jenkins controller JVM...
CVE-2020-2279
A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.74 and earlier allows attackers with permission to define sandboxed scripts to provide crafted return values or script binding content that can result in arbitrary code execution on the Jenkins controller JVM...
CVE-2020-2279
CVE-2020-2279 describes a sandbox bypass in Jenkins Script Security Plugin (versions 1.74 and earlier). The vulnerability lets attackers with permission to define sandboxed scripts craft return values or script bindings that can lead to arbitrary code execution on the Jenkins controller JVM. The ...
jenkins-script-security-plugin: sandbox protection bypass leads to execute arbitrary code in sandboxed scripts
A sandbox bypass flaw was found in the Jenkins Script Security Plugin versions 1.67 and earlier, that are related to the handling of closure default parameter expressions. This flaw allows attackers to execute arbitrary code in sandboxed scripts...
jenkins-script-security-plugin: cross-site scripting vulnerability due to configure sandboxed scripts
Jenkins Script Security Plugin 1.72 and earlier does not correctly escape pending or approved classpath entries on the In-process Script Approval page, resulting in a stored cross-site scripting vulnerability...
jenkins-script-security-plugin: cross-site scripting vulnerability due to configure sandboxed scripts
Jenkins Script Security Plugin 1.72 and earlier does not correctly escape pending or approved classpath entries on the In-process Script Approval page, resulting in a stored cross-site scripting vulnerability...
jenkins-script-security-plugin: sandbox protection bypass leads to execute arbitrary code in sandboxed scripts
A sandbox bypass flaw was found in the Jenkins Script Security Plugin versions 1.67 and earlier, that are related to the handling of closure default parameter expressions. This flaw allows attackers to execute arbitrary code in sandboxed scripts...
jenkins-script-security-plugin: sandbox protection bypass during script compilation phase by applying AST transforming annotations
Sandbox protection in Jenkins Script Security Plugin 1.69 and earlier could be circumvented during the script compilation phase by applying AST transforming annotations to imports or by using them inside of other annotations...
CVE-2020-2190
Jenkins Script Security Plugin 1.72 and earlier does not correctly escape pending or approved classpath entries on the In-process Script Approval page, resulting in a stored cross-site scripting vulnerability...
CloudBees Jenkins Script Security Plugin Cross-Site Scripting Vulnerability
CloudBees Jenkins Hudson Labs is the United States CloudBees company's set of Java-based development of continuous integration tools. The product is mainly used to monitor the continuous software version release/testing projects and some timed tasks . Script Security Plugin is used in one of the...
CVE-2020-2190
Jenkins Script Security Plugin 1.72 and earlier does not correctly escape pending or approved classpath entries on the In-process Script Approval page, resulting in a stored cross-site scripting vulnerability...
CVE-2020-2190
The CVE-2020-2190 issue affects Jenkins Script Security Plugin (1.72 and earlier): it stored XSS due to improper escaping of pending/approved classpath entries on the In-process Script Approval page. Impact is stored cross-site scripting on affected Jenkins pages. CVSS metrics indicate low (2.0) ...
CVE-2020-2190
Jenkins Script Security Plugin 1.72 and earlier does not correctly escape pending or approved classpath entries on the In-process Script Approval page, resulting in a stored cross-site scripting vulnerability...
PT-2020-15404 · Jenkins · Jenkins Script Security Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Script Security Plugin versions 1.72 and earlier Description: The issue is related to a stored cross-site scripting vulnerability. It occurs because the Jenkins Script Security Plugin does not correctly escape pending or approved...
CVE-2019-10356
A flaw was found in the Jenkins Script Security plugin. Sandbox protection could be circumvented through crafted subexpressions used as arguments to method pointer expressions. This allows attackers the ability to specify sandboxed scripts to execute arbitrary code in the context of the Jenkins...