Lucene search
K

252 matches found

CVE
CVE
added 2021/04/21 2:20 p.m.75 views

CVE-2021-21646

The CVE-2021-21646 entry concerns the Jenkins Templating Engine Plugin, version 2.1 and earlier. The underlying issue is failure to protect pipeline configurations with the Script Security Plugin, allowing attackers with Job/Configure permission to execute arbitrary code in the Jenkins controller...

8.8CVSS8.8AI score0.01749EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2021/04/21 2:20 p.m.29 views

CVE-2021-21646

Jenkins Templating Engine Plugin 2.1 and earlier does not protect its pipeline configurations using Script Security Plugin, allowing attackers with Job/Configure permission to execute arbitrary code in the context of the Jenkins controller JVM...

9.1AI score0.01749EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2021/04/21 12:0 a.m.5 views

PT-2021-14689 · Jenkins · Script Security Plugin +2

Name of the Vulnerable Software and Affected Versions: Jenkins Templating Engine Plugin versions 2.1 and earlier Description: The issue allows attackers with Job/Configure permission to execute arbitrary code in the context of the Jenkins controller JVM. This is due to the lack of protection for...

8.8CVSS8.8AI score0.01749EPSS
Exploits0References8
NVD
NVD
added 2020/09/23 2:15 p.m.33 views

CVE-2020-2279

A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.74 and earlier allows attackers with permission to define sandboxed scripts to provide crafted return values or script binding content that can result in arbitrary code execution on the Jenkins controller JVM...

9.9CVSS0.02126EPSS
Exploits0References2
OSV
OSV
added 2020/09/23 2:15 p.m.17 views

CVE-2020-2279

A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.74 and earlier allows attackers with permission to define sandboxed scripts to provide crafted return values or script binding content that can result in arbitrary code execution on the Jenkins controller JVM...

9.9CVSS7.5AI score
Exploits0References2
Prion
Prion
added 2020/09/23 2:15 p.m.21 views

Security feature bypass

A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.74 and earlier allows attackers with permission to define sandboxed scripts to provide crafted return values or script binding content that can result in arbitrary code execution on the Jenkins controller JVM...

6.5CVSS9.7AI score0.02126EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2020/09/23 1:10 p.m.34 views

CVE-2020-2279

A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.74 and earlier allows attackers with permission to define sandboxed scripts to provide crafted return values or script binding content that can result in arbitrary code execution on the Jenkins controller JVM...

9.8AI score0.02126EPSS
Exploits0References2
CVE
CVE
added 2020/09/23 1:10 p.m.80 views

CVE-2020-2279

CVE-2020-2279 describes a sandbox bypass in Jenkins Script Security Plugin (versions 1.74 and earlier). The vulnerability lets attackers with permission to define sandboxed scripts craft return values or script bindings that can lead to arbitrary code execution on the Jenkins controller JVM. The ...

9.9CVSS9.7AI score0.02126EPSS
Exploits0References2Affected Software1
RedHat Linux
RedHat Linux
added 2020/09/09 3:23 p.m.3 views

jenkins-script-security-plugin: sandbox protection bypass leads to execute arbitrary code in sandboxed scripts

A sandbox bypass flaw was found in the Jenkins Script Security Plugin versions 1.67 and earlier, that are related to the handling of closure default parameter expressions. This flaw allows attackers to execute arbitrary code in sandboxed scripts...

8.8CVSS6.1AI score0.01428EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2020/09/08 12:9 p.m.4 views

jenkins-script-security-plugin: cross-site scripting vulnerability due to configure sandboxed scripts

Jenkins Script Security Plugin 1.72 and earlier does not correctly escape pending or approved classpath entries on the In-process Script Approval page, resulting in a stored cross-site scripting vulnerability...

5.4CVSS5.6AI score0.0076EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2020/07/31 2:24 p.m.6 views

jenkins-script-security-plugin: cross-site scripting vulnerability due to configure sandboxed scripts

Jenkins Script Security Plugin 1.72 and earlier does not correctly escape pending or approved classpath entries on the In-process Script Approval page, resulting in a stored cross-site scripting vulnerability...

5.4CVSS5.6AI score0.0076EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2020/06/29 2:37 p.m.5 views

jenkins-script-security-plugin: sandbox protection bypass leads to execute arbitrary code in sandboxed scripts

A sandbox bypass flaw was found in the Jenkins Script Security Plugin versions 1.67 and earlier, that are related to the handling of closure default parameter expressions. This flaw allows attackers to execute arbitrary code in sandboxed scripts...

8.8CVSS6.1AI score0.01428EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2020/06/17 10:38 p.m.6 views

jenkins-script-security-plugin: sandbox protection bypass during script compilation phase by applying AST transforming annotations

Sandbox protection in Jenkins Script Security Plugin 1.69 and earlier could be circumvented during the script compilation phase by applying AST transforming annotations to imports or by using them inside of other annotations...

8.8CVSS5.8AI score0.01267EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2020/06/16 9:25 a.m.42 views

CVE-2020-2190

Jenkins Script Security Plugin 1.72 and earlier does not correctly escape pending or approved classpath entries on the In-process Script Approval page, resulting in a stored cross-site scripting vulnerability...

3.5CVSS1.2AI score0.0076EPSS
Exploits0References4
CNVD
CNVD
added 2020/06/04 12:0 a.m.3 views

CloudBees Jenkins Script Security Plugin Cross-Site Scripting Vulnerability

CloudBees Jenkins Hudson Labs is the United States CloudBees company's set of Java-based development of continuous integration tools. The product is mainly used to monitor the continuous software version release/testing projects and some timed tasks . Script Security Plugin is used in one of the...

5.4CVSS6.5AI score0.0076EPSS
Exploits0References1
NVD
NVD
added 2020/06/03 1:15 p.m.47 views

CVE-2020-2190

Jenkins Script Security Plugin 1.72 and earlier does not correctly escape pending or approved classpath entries on the In-process Script Approval page, resulting in a stored cross-site scripting vulnerability...

5.4CVSS5.3AI score0.0076EPSS
Exploits0References2
CVE
CVE
added 2020/06/03 12:40 p.m.131 views

CVE-2020-2190

The CVE-2020-2190 issue affects Jenkins Script Security Plugin (1.72 and earlier): it stored XSS due to improper escaping of pending/approved classpath entries on the In-process Script Approval page. Impact is stored cross-site scripting on affected Jenkins pages. CVSS metrics indicate low (2.0) ...

5.4CVSS5.1AI score0.0076EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2020/06/03 12:40 p.m.43 views

CVE-2020-2190

Jenkins Script Security Plugin 1.72 and earlier does not correctly escape pending or approved classpath entries on the In-process Script Approval page, resulting in a stored cross-site scripting vulnerability...

5.3AI score0.0076EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2020/06/03 12:0 a.m.5 views

PT-2020-15404 · Jenkins · Jenkins Script Security Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Script Security Plugin versions 1.72 and earlier Description: The issue is related to a stored cross-site scripting vulnerability. It occurs because the Jenkins Script Security Plugin does not correctly escape pending or approved...

5.4CVSS5.1AI score0.0076EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2020/04/09 10:44 a.m.25 views

CVE-2019-10356

A flaw was found in the Jenkins Script Security plugin. Sandbox protection could be circumvented through crafted subexpressions used as arguments to method pointer expressions. This allows attackers the ability to specify sandboxed scripts to execute arbitrary code in the context of the Jenkins...

8.8CVSS3.2AI score0.025EPSS
Exploits0References3
Rows per page
Query Builder