609 matches found
GHSA-QWGX-MRV5-87J8 CSRF vulnerability in Jenkins Script Security Plugin
A cross-site request forgery CSRF vulnerability in Jenkins Script Security Plugin 1158.v7c1b73a69a08 and earlier allows attackers to have Jenkins send an HTTP request to an attacker-specified webserver...
CVE-2022-30946
A cross-site request forgery CSRF vulnerability in Jenkins Script Security Plugin 1158.v7c1b73a69a08 and earlier allows attackers to have Jenkins send an HTTP request to an attacker-specified webserver...
CVE-2022-30946
A cross-site request forgery CSRF vulnerability in Jenkins Script Security Plugin 1158.v7c1b73a69a08 and earlier allows attackers to have Jenkins send an HTTP request to an attacker-specified webserver...
CVE-2022-30946
A cross-site request forgery CSRF vulnerability in Jenkins Script Security Plugin 1158.v7c1b73a69a08 and earlier allows attackers to have Jenkins send an HTTP request to an attacker-specified webserver...
Cross site request forgery (csrf)
A cross-site request forgery CSRF vulnerability in Jenkins Script Security Plugin 1158.v7c1b73a69a08 and earlier allows attackers to have Jenkins send an HTTP request to an attacker-specified webserver...
CVE-2022-30946
CVE-2022-30946 is a CSRF vulnerability in Jenkins Script Security Plugin (affecting versions up to 1158.v7c1b_73a_69a_08 and earlier). An authenticated attacker can induce Jenkins to send an HTTP request to a attacker‑specified webserver, enabling malicious activity such as cross‑site scripting a...
CVE-2022-30946
A cross-site request forgery CSRF vulnerability in Jenkins Script Security Plugin 1158.v7c1b73a69a08 and earlier allows attackers to have Jenkins send an HTTP request to an attacker-specified webserver...
CVE-2022-30946
A cross-site request forgery CSRF vulnerability in Jenkins Script Security Plugin 1158.v7c1b73a69a08 and earlier allows attackers to have Jenkins send an HTTP request to an attacker-specified webserver...
Jenkins Script Security Plugin allows for Bypass of Groovy Sandbox Protection
The Script Security plugin before 1.18.1 in Jenkins might allow remote attackers to bypass a Groovy sandbox protection mechanism via a plugin that performs 1 direct field access or 2 get/set array operations...
GHSA-XGJX-96V4-MQXX Jenkins Script Security Plugin allows for Bypass of Groovy Sandbox Protection
The Script Security plugin before 1.18.1 in Jenkins might allow remote attackers to bypass a Groovy sandbox protection mechanism via a plugin that performs 1 direct field access or 2 get/set array operations...
PT-2022-20400 · Jenkins · Jenkins Script Security Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Script Security Plugin versions 1158.v7c1b 73a 69a 08 and earlier Description: A cross-site request forgery CSRF issue allows attackers to have Jenkins send an HTTP request to an attacker-specified webserver. This occurs because the...
Jenkins Script Security Plugin 跨站请求伪造漏洞
Jenkins and Jenkins Plugin are both Jenkins open source products. jenkins is an application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project. jenkins Plugin is an application. jenkins Script Security Plugin...
Jenkins Script Security Plugin Remote Code Execution (CVE-2019-1003029)
A remote code execution vulnerability exists in Jenkins Script Security Plugin. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
GHSA-R9JF-HF9X-7HRV Exposure of Sensitive Information to an Unauthorized Actor Jenkins Script Security Plugin
In Jenkins Script Security Plugin version 1.36 and earlier, users with the ability to configure sandboxed Groovy scripts are able to use a type coercion feature in Groovy to create new File objects from strings. This allowed reading arbitrary files on the Jenkins master file system. Such a type...
Exposure of Sensitive Information to an Unauthorized Actor Jenkins Script Security Plugin
In Jenkins Script Security Plugin version 1.36 and earlier, users with the ability to configure sandboxed Groovy scripts are able to use a type coercion feature in Groovy to create new File objects from strings. This allowed reading arbitrary files on the Jenkins master file system. Such a type...
GHSA-P4P5-3V2J-W5RV Improper Privilege Management in Jenkins
A sandbox bypass vulnerability exists in Script Security Plugin 1.47 and earlier in groovy-sandbox/src/main/java/org/kohsuke/groovy/sandbox/SandboxTransformer.java that allows attackers with Job/Configure permission to execute arbitrary code on the Jenkins master JVM, if plugins using the Groovy...
Improper Privilege Management in Jenkins
A sandbox bypass vulnerability exists in Script Security Plugin 1.47 and earlier in groovy-sandbox/src/main/java/org/kohsuke/groovy/sandbox/SandboxTransformer.java that allows attackers with Job/Configure permission to execute arbitrary code on the Jenkins master JVM, if plugins using the Groovy...
Jenkins Script Security and Pipeline Groovy Plugins Sandbox Bypass
A sandbox bypass vulnerability exists in Pipeline: Groovy Plugin 2.59 and earlier in groovy-sandbox/src/main/java/org/kohsuke/groovy/sandbox/SandboxTransformer.java, groovy-cps/lib/src/main/java/com/cloudbees/groovy/cps/SandboxCpsTransformer.java that allows attackers with Job/Configure permissio...
GHSA-H7RX-R733-7X7R Sandbox bypass in Jenkins Script Security Plugin sandbox bypass
Script Security Plugin did not apply sandboxing restrictions to constructor invocations via positional arguments list, super constructor invocations, method references, and type coercion expressions. This could be used to invoke arbitrary constructors and methods, bypassing sandbox protection...
Sandbox bypass in Jenkins Script Security Plugin sandbox bypass
Script Security Plugin did not apply sandboxing restrictions to constructor invocations via positional arguments list, super constructor invocations, method references, and type coercion expressions. This could be used to invoke arbitrary constructors and methods, bypassing sandbox protection...