609 matches found
jenkins-script-security-plugin: sandbox protection bypass leads to execute arbitrary code in sandboxed scripts
A sandbox bypass flaw was found in the Jenkins Script Security Plugin versions 1.67 and earlier, that are related to the handling of closure default parameter expressions. This flaw allows attackers to execute arbitrary code in sandboxed scripts...
jenkins-script-security-plugin: sandbox protection bypass via crafted constructor calls and crafted constructor bodies
Sandbox protection in Jenkins Script Security Plugin 1.70 and earlier could be circumvented through crafted constructor calls and crafted constructor bodies...
jenkins-script-security-plugin: sandbox protection bypass during script compilation phase by applying AST transforming annotations
Sandbox protection in Jenkins Script Security Plugin 1.69 and earlier could be circumvented during the script compilation phase by applying AST transforming annotations to imports or by using them inside of other annotations...
Sandbox Restrictions Bypass
jenkins-script-security-plugin is vulnerable to sandbox restrictions bypass. An attacker is able to bypass the sandbox protection via malicious constructor calls and constructor bodies...
jenkins-script-security-plugin: sandbox protection bypass via crafted constructor calls and crafted constructor bodies
Sandbox protection in Jenkins Script Security Plugin 1.70 and earlier could be circumvented through crafted constructor calls and crafted constructor bodies...
jenkins-script-security-plugin: sandbox protection bypass during script compilation phase by applying AST transforming annotations
Sandbox protection in Jenkins Script Security Plugin 1.69 and earlier could be circumvented during the script compilation phase by applying AST transforming annotations to imports or by using them inside of other annotations...
jenkins-script-security-plugin: sandbox protection bypass leads to execute arbitrary code in sandboxed scripts
A sandbox bypass flaw was found in the Jenkins Script Security Plugin versions 1.67 and earlier, that are related to the handling of closure default parameter expressions. This flaw allows attackers to execute arbitrary code in sandboxed scripts...
jenkins-script-security-plugin: sandbox protection bypass leads to arbitrary code execution
Sandbox protection in Jenkins Script Security Plugin 1.70 and earlier could be circumvented through crafted method calls on objects that implement GroovyInterceptable...
CVE-2020-2190
Jenkins Script Security Plugin 1.72 and earlier does not correctly escape pending or approved classpath entries on the In-process Script Approval page, resulting in a stored cross-site scripting vulnerability...
CloudBees Jenkins Script Security Plugin Cross-Site Scripting Vulnerability
CloudBees Jenkins Hudson Labs is the United States CloudBees company's set of Java-based development of continuous integration tools. The product is mainly used to monitor the continuous software version release/testing projects and some timed tasks . Script Security Plugin is used in one of the...
CVE-2020-2190
Jenkins Script Security Plugin 1.72 and earlier does not correctly escape pending or approved classpath entries on the In-process Script Approval page, resulting in a stored cross-site scripting vulnerability...
CVE-2020-2190
Jenkins Script Security Plugin 1.72 and earlier does not correctly escape pending or approved classpath entries on the In-process Script Approval page, resulting in a stored cross-site scripting vulnerability...
Cross site scripting
Jenkins Script Security Plugin 1.72 and earlier does not correctly escape pending or approved classpath entries on the In-process Script Approval page, resulting in a stored cross-site scripting vulnerability...
CVE-2020-2190
Jenkins Script Security Plugin 1.72 and earlier does not correctly escape pending or approved classpath entries on the In-process Script Approval page, resulting in a stored cross-site scripting vulnerability...
CVE-2020-2190
The CVE-2020-2190 issue affects Jenkins Script Security Plugin (1.72 and earlier): it stored XSS due to improper escaping of pending/approved classpath entries on the In-process Script Approval page. Impact is stored cross-site scripting on affected Jenkins pages. CVSS metrics indicate low (2.0) ...
PT-2020-15404 · Jenkins · Jenkins Script Security Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Script Security Plugin versions 1.72 and earlier Description: The issue is related to a stored cross-site scripting vulnerability. It occurs because the Jenkins Script Security Plugin does not correctly escape pending or approved...
CVE-2019-10356
A flaw was found in the Jenkins Script Security plugin. Sandbox protection could be circumvented through crafted subexpressions used as arguments to method pointer expressions. This allows attackers the ability to specify sandboxed scripts to execute arbitrary code in the context of the Jenkins...
CVE-2019-1003005
A flaw was found in the Jenkins Script Security plugin through version 1.50. The fix for CVE-2019-1003000 was found to be incomplete. Script Security sandbox protection could be circumvented during the script compilation phase by applying AST transforming annotations such as @Grab to source code...
CVE-2019-1003024
A flaw was found in the Jenkins script security sandbox. The previously implemented script security sandbox protections prohibiting the use of unsafe AST transforming annotations such as @Grab could be circumvented through use of various Groovy language features including the use of...
CVE-2019-10399
A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.62 and earlier related to the handling of property names in property expressions in increment and decrement expressions allowed attackers to execute arbitrary code in sandboxed scripts...