609 matches found
CVE-2022-45379
Jenkins Script Security Plugin 1189.vbab7c8fd5fde and earlier stores whole-script approvals as the SHA-1 hash of the script, making it vulnerable to collision attacks...
CVE-2022-45379
CVE-2022-45379 affects Jenkins Script Security Plugin: versions 1189.vb_a_b_7c8fd5fde and earlier store whole-script approvals as the SHA-1 hash of the script, making them susceptible to SHA-1 collision attacks. Affected product: Jenkins Script Security Plugin (1189.vb_a_b_7c8fd5fde and earlier)....
Jenkins Plugin Script Security Cryptographic Issue Vulnerability
Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is a software application. An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is a software application. A security vulnerability...
PT-2022-27481 · Jenkins · Jenkins Script Security Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Script Security Plugin versions 1189.vb_a_b_7c8fd5fde and earlier. Description: The issue arises from the storage of whole-script approvals as the SHA-1 hash of the script, which no longer meets security standards for producing a...
Sandbox Bypass
Jenkins Script Security Plugin is vulnerable to Sandbox Bypass. The vulnerability exists as the plugin rejects improper calls to sandbox-generated synthetic constructors which allows an attacker to bypass sandbox restrictions and execute arbitrary code...
Sandbox Bypass
Jenkins Script Security Plugin is vulnerable to Sandbox Bypass. The vulnerability exists during the casting of array-like values to array types that intercepts per-element casts which allows an attacker to bypass sandbox restrictions and execute arbitrary code...
GHSA-F6MQ-6FX5-W2CH Jenkins Script Security Plugin sandbox bypass vulnerability
A sandbox bypass vulnerability involving casting an array-like value to an array type in Jenkins Script Security Plugin 1183.v774b0b0aa451 and earlier allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary...
com.sonyericsson.hudson.plugins.rebuild:rebuild (>=320.v5a_0933a_e7d61 <=332.va_1ee476d8f6d), de.peass:peass-ci (=2.3.9-1285.va_202a_66e21fa_) +27 more potentially affected by CVE-2022-43403 via org.jenkins-ci.plugins:script-security (>=1138.v8e727069a_025 <=1175.v4b_d517d6db_f0)
org.jenkins-ci.plugins:script-security MAVEN version =1138.v8e727069a025, =320.v5a0933ae7d61, =3.0, =1714.v09593e830cfa, =11.2.0, =5.2.2-3, =2.9, =1.13.3-4, =264.veae31791b3c9, =5.4.0-4, =6.3.0-3, =1.17.vd2468d9c5e85, =3.2.1, =1.29.0-5, =1714.v09593e830cfa, =1805.v1455f39c04cf and more Source cve...
Sandbox bypass vulnerabilities in Jenkins Script Security Plugin and in Pipeline: Groovy Plugin
Script Security Plugin provides a sandbox feature that allows low privileged users to define scripts, including Pipelines, that are generally safe to execute. Calls to code defined inside a sandboxed script are intercepted, and various allowlists are checked to determine whether the call is to be...
GHSA-27RF-8MJP-R363 Sandbox bypass vulnerabilities in Jenkins Script Security Plugin and in Pipeline: Groovy Plugin
Script Security Plugin provides a sandbox feature that allows low privileged users to define scripts, including Pipelines, that are generally safe to execute. Calls to code defined inside a sandboxed script are intercepted, and various allowlists are checked to determine whether the call is to be...
com.sonyericsson.hudson.plugins.rebuild:rebuild (>=320.v5a_0933a_e7d61 <=332.va_1ee476d8f6d), de.peass:peass-ci (=2.3.9-1285.va_202a_66e21fa_) +27 more potentially affected by CVE-2022-43404 via org.jenkins-ci.plugins:script-security (>=1138.v8e727069a_025 <=1175.v4b_d517d6db_f0)
org.jenkins-ci.plugins:script-security MAVEN version =1138.v8e727069a025, =320.v5a0933ae7d61, =3.0, =1714.v09593e830cfa, =11.2.0, =5.2.2-3, =2.9, =1.13.3-4, =264.veae31791b3c9, =5.4.0-4, =6.3.0-3, =1.17.vd2468d9c5e85, =3.2.1, =1.29.0-5, =1714.v09593e830cfa, =1805.v1455f39c04cf and more Source cve...
Jenkins Script Security Plugin sandbox bypass vulnerability
A sandbox bypass vulnerability involving casting an array-like value to an array type in Jenkins Script Security Plugin 1183.v774b0b0aa451 and earlier allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary...
GHSA-7VR5-72W7-Q6JC Sandbox bypass vulnerabilities in Jenkins Script Security Plugin and in Pipeline: Groovy Plugin
Script Security Plugin provides a sandbox feature that allows low privileged users to define scripts, including Pipelines, that are generally safe to execute. Calls to code defined inside a sandboxed script are intercepted, and various allowlists are checked to determine whether the call is to be...
com.sonyericsson.hudson.plugins.rebuild:rebuild (>=320.v5a_0933a_e7d61 <=332.va_1ee476d8f6d), de.peass:peass-ci (=2.3.9-1285.va_202a_66e21fa_) +27 more potentially affected by CVE-2022-43401 via org.jenkins-ci.plugins:script-security (>=1138.v8e727069a_025 <=1175.v4b_d517d6db_f0)
org.jenkins-ci.plugins:script-security MAVEN version =1138.v8e727069a025, =320.v5a0933ae7d61, =3.0, =1714.v09593e830cfa, =11.2.0, =5.2.2-3, =2.9, =1.13.3-4, =264.veae31791b3c9, =5.4.0-4, =6.3.0-3, =1.17.vd2468d9c5e85, =3.2.1, =1.29.0-5, =1714.v09593e830cfa, =1805.v1455f39c04cf and more Source cve...
CVE-2022-43404
A sandbox bypass vulnerability involving crafted constructor bodies and calls to sandbox-generated synthetic constructors in Jenkins Script Security Plugin 1183.v774b0b0aa451 and earlier allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandb...
CVE-2022-43403
A sandbox bypass vulnerability involving casting an array-like value to an array type in Jenkins Script Security Plugin 1183.v774b0b0aa451 and earlier allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary...