Security feature bypass

A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.61 and earlier related to the handling of method pointer expressions allowed attackers to execute arbitrary code in sandboxed scripts...

CVE-2019-10355

A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.61 and earlier related to the handling of type casts allowed attackers to execute arbitrary code in sandboxed scripts...

CVE-2019-10355

CVE-2019-10355 is a sandbox bypass in the Jenkins Script Security Plugin (versions up to 1.61 and earlier) that lets attackers escape the sandbox by exploiting how type casts are handled, enabling arbitrary code execution in sandboxed Groovy scripts. The vulnerability affected the plugin used wit...

CVE-2019-10356

CVE-2019-10356 is a sandbox bypass in Jenkins Script Security Plugin 1.61 and earlier, related to handling of method pointer expressions that could allow an attacker to execute arbitrary code in sandboxed scripts. The vulnerability is referenced across multiple advisories (Red Hat RHSA for OpenSh...

Arbitrary Code Execution

jenkins-plugin-workflow-cps is vulnerable to arbitrary code execution. A sandbox bypass in Script Security Plugin and Pipeline: Groovy Plugin allows an attacker to invoke arbitrary contructors in sandboxed scripts...

Arbitrary Code Execution

jenkins-plugin-script-security is vulnerable to arbitrary code execution. A sandbox bypass in Script Security Plugin and Pipeline: Groovy Plugin allows an attacker to invoke arbitrary constructors in sandboxed scripts...

Sandbox Protection Bypass

Jenkins Script Security Plugin is vulnerable to sandbox protection bypass vulnerability. This exists in the src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/SecureGroovyScript.java which allows attackers with Overall/Read permission to provide a Groovy script to an HTTP endpoint...

CloudBees Jenkins Sandbox Bypass Vulnerability (CNVD-2019-09287)

CloudBees Jenkins Hudson Labs is the United States CloudBees company's set of Java-based development of continuous integration tools. The product is mainly used to monitor the continuous software version release/testing project and some timed tasks . Script Security Plugin is used in one of the...

Security feature bypass

A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.55 and earlier allows attackers to invoke arbitrary constructors in sandboxed scripts...

CVE-2019-1003040

A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.55 and earlier allows attackers to invoke arbitrary constructors in sandboxed scripts...

CVE-2019-1003040

The CVE-2019-1003040 entry covers a sandbox bypass in Jenkins Script Security Plugin (versions 1.55 and earlier). The underlying issue allows an attacker to invoke arbitrary constructors from sandboxed Groovy scripts, effectively bypassing sandbox protections. Documented as a security vulnerabili...

PT-2019-2578 · Jenkins · Jenkins Script Security Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Script Security Plugin versions 1.55 and earlier Description: The issue is related to a sandbox bypass vulnerability in the Jenkins Script Security Plugin, which is caused by incorrect type conversion. This allows a remote attacker to...

Security feature bypass

A sandbox bypass vulnerability exists in Jenkins Script Security Plugin 1.53 and earlier in src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/GroovySandbox.java, src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/SecureGroovyScript.java that allows attackers with...

CVE-2019-1003029

A sandbox bypass vulnerability exists in Jenkins Script Security Plugin 1.53 and earlier in src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/GroovySandbox.java, src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/SecureGroovyScript.java that allows attackers with...

CVE-2019-1003029

CVE-2019-1003029 describes a sandbox bypass in Jenkins Script Security Plugin (versions ≤ 1.53) that lets attackers with Overall/Read permission execute arbitrary code on the Jenkins master JVM. Affected components are in the plugin’s Groovy sandbox: GroovySandbox.java and SecureGroovyScript.java...

CVE-2019-1003029

A sandbox bypass vulnerability exists in Jenkins Script Security Plugin 1.53 and earlier in src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/GroovySandbox.java, src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/SecureGroovyScript.java that allows attackers with...

CVE-2019-1003029

A sandbox bypass vulnerability exists in Jenkins Script Security Plugin 1.53 and earlier in src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/GroovySandbox.java, src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/SecureGroovyScript.java that allows attackers with...

CVE-2019-1003029

A sandbox bypass vulnerability exists in Jenkins Script Security Plugin 1.53 and earlier in src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/GroovySandbox.java, src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/SecureGroovyScript.java that allows attackers with...

CloudBees Jenkins Script Security Plugin Sandbox Bypass Vulnerability

CloudBees Jenkins Hudson Labs is the United States CloudBees company a set of Java-based development of continuous integration tools . The product is mainly used to monitor the continuous software version release/testing project and some timed execution of the task . A sandbox bypass vulnerabilit...

Security feature bypass

A sandbox bypass vulnerability exists in Jenkins Script Security Plugin 1.52 and earlier in RejectASTTransformsCustomizer.java that allows attackers with Overall/Read permission to provide a Groovy script to an HTTP endpoint that can result in arbitrary code execution on the Jenkins master JVM...