609 matches found

CVE
added 2018/01/25 6:0 p.m. | 84 views

CVE-2017-1000505

In Jenkins Script Security Plugin versions 1.36 and earlier, users who can configure sandboxed Groovy scripts could abuse a Groovy type coercion to create new File objects from strings, enabling reading arbitrary files on the Jenkins master filesystem. The entry notes this type coercion is now tr...

CVSS 6.5 | AI score 6.5 | EPSS 0.00316
Exploits 0 | References 1 | Affected Software 1
Cvelist
added 2018/01/25 6:0 p.m. | 14 views

CVE-2017-1000505

In Jenkins Script Security Plugin version 1.36 and earlier, users with the ability to configure sandboxed Groovy scripts are able to use a type coercion feature in Groovy to create new File objects from strings. This allowed reading arbitrary files on the Jenkins master file system. Such a type...

AI score 6.5 | EPSS 0.00316
Exploits 0 | References 1
CNVD
added 2017/10/31 12:0 a.m. | 2 views

CloudBees Jenkins Script Security plugin security bypass vulnerability

CloudBees Jenkins (formerly known as Hudson Labs) is a set of Java-based continuous integration tools developed by the US company CloudBees; the tool is mainly used to monitor repetitive work. Script Security is one of its plug-ins, used to detect script security. A...

CVSS 6.5 | AI score 6.9 | EPSS 0.00066
Exploits 0 | References 1
NVD
added 2017/10/05 1:29 a.m. | 16 views

CVE-2017-1000107

Script Security Plugin did not apply sandboxing restrictions to constructor invocations via positional arguments list, super constructor invocations, method references, and type coercion expressions. This could be used to invoke arbitrary constructors and methods, bypassing sandbox protection...

CVSS 8.8 | AI score 8.7 | EPSS 0.00274
Exploits 0 | References 1
NVD
added 2017/10/05 1:29 a.m. | 12 views

CVE-2017-1000095

The default whitelist included the following unsafe entries: DefaultGroovyMethods.putAt(Object, String, Object); DefaultGroovyMethods.getAt(Object, String). These allowed circumventing many of the access restrictions implemented in the script sandbox by using e.g. currentBuild['rawBuild'] rather than...

CVSS 6.5 | AI score 6.5 | EPSS 0.00066
Exploits 0 | References 1
Prion
added 2017/10/05 1:29 a.m. | 13 views

Type confusion

Script Security Plugin did not apply sandboxing restrictions to constructor invocations via positional arguments list, super constructor invocations, method references, and type coercion expressions. This could be used to invoke arbitrary constructors and methods, bypassing sandbox protection...

CVSS 6.5 | AI score 8.7 | EPSS 0.00274
Exploits 0 | References 1 | Affected Software 1
CVE
added 2017/10/04 1:0 a.m. | 52 views

CVE-2017-1000107

CVE-2017-1000107 affects the Jenkins Script Security Plugin. The root cause is that sandboxing restrictions were not applied to constructor invocations via positional argument lists, super constructors, method references, or type coercion expressions, allowing potential bypass of sandbox protecti...

CVSS 8.8 | AI score 8.7 | EPSS 0.00274
Exploits 0 | References 1 | Affected Software 1
Cvelist
added 2017/10/04 1:0 a.m. | 15 views

CVE-2017-1000107

Script Security Plugin did not apply sandboxing restrictions to constructor invocations via positional arguments list, super constructor invocations, method references, and type coercion expressions. This could be used to invoke arbitrary constructors and methods, bypassing sandbox protection...

AI score 8.8 | EPSS 0.00274
Exploits 0 | References 1
CNVD
added 2017/08/17 12:0 a.m. | 2 views

CloudBees Jenkins Script Security plugin security bypass vulnerability

CloudBees Jenkins CI (formerly known as Hudson Labs) is a set of Java-based continuous integration tools developed by the US company CloudBees; it is mainly used to monitor continuous software release/testing projects and some scheduled tasks. Script Security...

CVSS 8.8 | AI score 8.8 | EPSS 0.00274
Exploits 0 | References 1
RedHat Linux
added 2017/08/10 5:2 a.m. | 1 views

jenkins-plugin-script-security: Unsafe methods in the default whitelist (SECURITY-538)

The jenkins-plugin-script-security improperly whitelisted "DefaultGroovyMethods.putAt(Object, String, Object)" and "DefaultGroovyMethods.getAt(Object, String)" which allows attackers to bypass many restrictions and potentially trigger builds or access data they should not have access to. Exploitation...

CVSS 6.5 | AI score 6.7 | EPSS 0.00066
Exploits 0 | References 5
RedhatCVE
added 2017/07/14 10:59 a.m. | 34 views

CVE-2017-1000095

The jenkins-plugin-script-security improperly whitelisted "DefaultGroovyMethods.putAt(Object, String, Object)" and "DefaultGroovyMethods.getAt(Object, String)" which allows attackers to bypass many restrictions and potentially trigger builds or access data they should not have access to. Exploitation...

CVSS 8.8 | AI score 6 | EPSS 0.00066
Exploits 0 | References 2
exploitpack
added 2017/03/08 12:0 a.m. | 12 views

Audiojungle Clone Script - SQL Injection

Audiojungle Clone Script - SQL Injection Exploit Title: Audiojungle Clone Script - SQL Injection Google Dork: N/A Date: 08.03.2017 Vendor Homepage: http://bsetec.com/ Software : http://audiojungleclone.bsetec.com/ Demo: http://www.bsetecdemo.com/audiojungleclone Version: N/A Tested on: Win7 x64,...

AI score 0.1
Exploits 0
OSV
added 2017/02/09 3:59 p.m. | 10 views

CVE-2016-3102

The Script Security plugin before 1.18.1 in Jenkins might allow remote attackers to bypass a Groovy sandbox protection mechanism via a plugin that performs (1) direct field access or (2) get/set array operations...

CVSS 7.3 | AI score 6.7
Exploits 0 | References 1
NVD
added 2017/02/09 3:59 p.m. | 8 views

CVE-2016-3102

The Script Security plugin before 1.18.1 in Jenkins might allow remote attackers to bypass a Groovy sandbox protection mechanism via a plugin that performs (1) direct field access or (2) get/set array operations...

CVSS 7.5 | AI score 7.1 | EPSS 0.00053
Exploits 0 | References 1
Prion
added 2017/02/09 3:59 p.m. | 9 views

Design/Logic Flaw

The Script Security plugin before 1.18.1 in Jenkins might allow remote attackers to bypass a Groovy sandbox protection mechanism via a plugin that performs (1) direct field access or (2) get/set array operations...

CVSS 7.5 | AI score 6.9 | EPSS 0.00053
Exploits 0 | References 1 | Affected Software 1
UbuntuCve
added 2017/02/09 3:59 p.m. | 21 views

CVE-2016-3102

The Script Security plugin before 1.18.1 in Jenkins might allow remote attackers to bypass a Groovy sandbox protection mechanism via a plugin that performs (1) direct field access or (2) get/set array operations...

CVSS 7.5 | AI score 7.1 | EPSS 0.00053
Exploits 0 | References 1
Cvelist
added 2017/02/09 3:0 p.m. | 13 views

CVE-2016-3102

The Script Security plugin before 1.18.1 in Jenkins might allow remote attackers to bypass a Groovy sandbox protection mechanism via a plugin that performs (1) direct field access or (2) get/set array operations...

AI score 7.1 | EPSS 0.00053
Exploits 0 | References 1
CVE
added 2017/02/09 3:0 p.m. | 39 views

CVE-2016-3102

The CVE-2016-3102 issue affects the Jenkins Script Security plugin prior to 1.18.1, where a plugin that performs direct field access or get/set array operations could bypass the Groovy sandbox protection. Affected product: Jenkins Script Security plugin (versions

CVSS 7.5 | AI score 7 | EPSS 0.00053
Exploits 0 | References 1 | Affected Software 1
OpenVAS
added 2015/07/07 12:0 a.m. | 19 views

Fedora Update for jenkins-script-security-plugin FEDORA-2015-5643

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 6.5 | AI score 7.7 | EPSS 0.00639
Exploits 0 | References 2
Tenable Nessus
added 2015/04/20 12:0 a.m. | 41 views

Fedora 21 : jenkins-script-security-plugin-1.13-2.fc21 / groovy-sandbox-1.8-1.fc21 / etc (2015-5637)

Fix CVE-2015-1806 SECURITY-125 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL 70300 C...

CVSS 6.5 | AI score 8.2 | EPSS 0.00639
Exploits 0 | References 3