249 matches found
CVE-2020-2279
A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.74 and earlier allows attackers with permission to define sandboxed scripts to provide crafted return values or script binding content that can result in arbitrary code execution on the Jenkins controller JVM...
CVE-2020-2279
A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.74 and earlier allows attackers with permission to define sandboxed scripts to provide crafted return values or script binding content that can result in arbitrary code execution on the Jenkins controller JVM...
Security feature bypass
A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.74 and earlier allows attackers with permission to define sandboxed scripts to provide crafted return values or script binding content that can result in arbitrary code execution on the Jenkins controller JVM...
CVE-2020-2279
A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.74 and earlier allows attackers with permission to define sandboxed scripts to provide crafted return values or script binding content that can result in arbitrary code execution on the Jenkins controller JVM...
CVE-2020-2279
CVE-2020-2279 describes a sandbox bypass in Jenkins Script Security Plugin (versions 1.74 and earlier). The vulnerability lets attackers with permission to define sandboxed scripts craft return values or script bindings that can lead to arbitrary code execution on the Jenkins controller JVM. The ...
jenkins-script-security-plugin: sandbox protection bypass leads to execute arbitrary code in sandboxed scripts
A sandbox bypass flaw was found in the Jenkins Script Security Plugin versions 1.67 and earlier, that are related to the handling of closure default parameter expressions. This flaw allows attackers to execute arbitrary code in sandboxed scripts...
jenkins-script-security-plugin: cross-site scripting vulnerability due to configure sandboxed scripts
Jenkins Script Security Plugin 1.72 and earlier does not correctly escape pending or approved classpath entries on the In-process Script Approval page, resulting in a stored cross-site scripting vulnerability...
jenkins-script-security-plugin: cross-site scripting vulnerability due to configure sandboxed scripts
Jenkins Script Security Plugin 1.72 and earlier does not correctly escape pending or approved classpath entries on the In-process Script Approval page, resulting in a stored cross-site scripting vulnerability...
jenkins-script-security-plugin: sandbox protection bypass leads to execute arbitrary code in sandboxed scripts
A sandbox bypass flaw was found in the Jenkins Script Security Plugin versions 1.67 and earlier, that are related to the handling of closure default parameter expressions. This flaw allows attackers to execute arbitrary code in sandboxed scripts...
jenkins-script-security-plugin: sandbox protection bypass during script compilation phase by applying AST transforming annotations
Sandbox protection in Jenkins Script Security Plugin 1.69 and earlier could be circumvented during the script compilation phase by applying AST transforming annotations to imports or by using them inside of other annotations...
CVE-2020-2190
Jenkins Script Security Plugin 1.72 and earlier does not correctly escape pending or approved classpath entries on the In-process Script Approval page, resulting in a stored cross-site scripting vulnerability...
CloudBees Jenkins Script Security Plugin Cross-Site Scripting Vulnerability
CloudBees Jenkins Hudson Labs is the United States CloudBees company's set of Java-based development of continuous integration tools. The product is mainly used to monitor the continuous software version release/testing projects and some timed tasks . Script Security Plugin is used in one of the...
CVE-2020-2190
Jenkins Script Security Plugin 1.72 and earlier does not correctly escape pending or approved classpath entries on the In-process Script Approval page, resulting in a stored cross-site scripting vulnerability...
CVE-2020-2190
Jenkins Script Security Plugin 1.72 and earlier does not correctly escape pending or approved classpath entries on the In-process Script Approval page, resulting in a stored cross-site scripting vulnerability...
CVE-2020-2190
The CVE-2020-2190 issue affects Jenkins Script Security Plugin (1.72 and earlier): it stored XSS due to improper escaping of pending/approved classpath entries on the In-process Script Approval page. Impact is stored cross-site scripting on affected Jenkins pages. CVSS metrics indicate low (2.0) ...
PT-2020-15404 · Jenkins · Jenkins Script Security Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Script Security Plugin versions 1.72 and earlier Description: The issue is related to a stored cross-site scripting vulnerability. It occurs because the Jenkins Script Security Plugin does not correctly escape pending or approved...
CVE-2019-10356
A flaw was found in the Jenkins Script Security plugin. Sandbox protection could be circumvented through crafted subexpressions used as arguments to method pointer expressions. This allows attackers the ability to specify sandboxed scripts to execute arbitrary code in the context of the Jenkins...
CVE-2019-10400
A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.62 and earlier related to the handling of subexpressions in increment and decrement expressions not involving actual assignment allowed attackers to execute arbitrary code in sandboxed scripts...
CVE-2019-10394
A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.62 and earlier related to the handling of property names in property expressions on the left-hand side of assignment expressions allowed attackers to execute arbitrary code in sandboxed scripts...
CVE-2019-10393
A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.62 and earlier related to the handling of method names in method call expressions allowed attackers to execute arbitrary code in sandboxed scripts...