249 matches found
CVE-2019-16538
A sandbox bypass flaw was found in the Jenkins Script Security Plugin versions 1.67 and earlier, that are related to the handling of closure default parameter expressions. This flaw allows attackers to execute arbitrary code in sandboxed scripts...
CVE-2020-2134
Sandbox protection in Jenkins Script Security Plugin 1.70 and earlier could be circumvented through crafted constructor calls and crafted constructor bodies...
CloudBees Jenkins Script Security Plugin Authentication Bypass Vulnerability
CloudBees Jenkins Hudson Labs is the United States CloudBees company's set of Java-based development of continuous integration tools. The product is mainly used to monitor the continuous software version release/testing projects and some timed tasks . Script Security Plugin is used in one of the...
CVE-2020-2135
Sandbox protection in Jenkins Script Security Plugin 1.70 and earlier could be circumvented through crafted method calls on objects that implement GroovyInterceptable...
CVE-2020-2134
Sandbox protection in Jenkins Script Security Plugin 1.70 and earlier could be circumvented through crafted constructor calls and crafted constructor bodies...
CVE-2020-2134
Sandbox protection in Jenkins Script Security Plugin 1.70 and earlier could be circumvented through crafted constructor calls and crafted constructor bodies...
CVE-2020-2135
Sandbox protection in Jenkins Script Security Plugin 1.70 and earlier could be circumvented through crafted method calls on objects that implement GroovyInterceptable...
Design/Logic Flaw
Sandbox protection in Jenkins Script Security Plugin 1.70 and earlier could be circumvented through crafted method calls on objects that implement GroovyInterceptable...
Code injection
Sandbox protection in Jenkins Script Security Plugin 1.70 and earlier could be circumvented through crafted constructor calls and crafted constructor bodies...
CVE-2020-2134
CVE-2020-2134 relates to the Jenkins Script Security Plugin (versions up to 1.70) where sandbox protections could be bypassed by crafted constructor calls and bodies, enabling arbitrary code execution in the Jenkins controller JVM. The issue is documented in public advisories (GHSA/GHSA-GJ3Q-P8CM...
CVE-2020-2134
Sandbox protection in Jenkins Script Security Plugin 1.70 and earlier could be circumvented through crafted constructor calls and crafted constructor bodies...
CVE-2020-2135
Sandbox protection bypass in Jenkins Script Security Plugin (versions up to 1.70) can allow arbitrary code execution in sandboxed scripts. The root cause involves crafted constructor calls and bodies (SECURITY-582) and crafted method calls on objects implementing GroovyInterceptable. Mitigation: ...
PT-2020-15344 · Jenkins · Jenkins Script Security Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Script Security Plugin versions 1.70 and earlier Description: The sandbox protection in the Jenkins Script Security Plugin could be circumvented through crafted method calls on objects that implement GroovyInterceptable, or through...
CVE-2020-2110
Sandbox protection in Jenkins Script Security Plugin 1.69 and earlier could be circumvented during the script compilation phase by applying AST transforming annotations to imports or by using them inside of other annotations...
Design/Logic Flaw
Sandbox protection in Jenkins Script Security Plugin 1.69 and earlier could be circumvented during the script compilation phase by applying AST transforming annotations to imports or by using them inside of other annotations...
CVE-2020-2110
Sandbox protection in Jenkins Script Security Plugin 1.69 and earlier could be circumvented during the script compilation phase by applying AST transforming annotations to imports or by using them inside of other annotations...
CVE-2020-2110
CVE-2020-2110 concerns the Jenkins Script Security Plugin (1.69 and earlier) where sandbox protection could be bypassed during script compilation by using AST transforming annotations on imports or inside other annotations. This vulnerability enables arbitrary code execution within sandboxed scri...
jenkins-script-security-plugin: handling of property names in property expressions on the left-hand side of assignment expression leads to execute arbitrary code in sandboxed scripts
A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.62 and earlier related to the handling of property names in property expressions on the left-hand side of assignment expressions allowed attackers to execute arbitrary code in sandboxed scripts...
jenkins-script-security-plugin: handling of method names in method call expressions allowed attackers to execute arbitrary code in sandboxed scripts
A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.62 and earlier related to the handling of method names in method call expressions allowed attackers to execute arbitrary code in sandboxed scripts...
jenkins-script-security-plugin: handling of property names in property expressions in increment and decrement expressions allowed attackers to execute arbitrary code in sandboxed scripts
A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.62 and earlier related to the handling of property names in property expressions in increment and decrement expressions allowed attackers to execute arbitrary code in sandboxed scripts...