609 matches found
CVE-2019-16538
A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.67 and earlier related to the handling of default parameter expressions in closures allowed attackers to execute arbitrary code in sandboxed scripts...
CVE-2019-16538
A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.67 and earlier related to the handling of default parameter expressions in closures allowed attackers to execute arbitrary code in sandboxed scripts...
Security feature bypass
A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.67 and earlier related to the handling of default parameter expressions in closures allowed attackers to execute arbitrary code in sandboxed scripts...
CVE-2019-16538
CVE-2019-16538 is a sandbox bypass in Jenkins Script Security Plugin (1.67 and earlier) that allowed arbitrary code execution in sandboxed scripts. The issue is cited in multiple advisories (GHSA-62PM-MGRH-7P69 and RHSA-2020:3616/2737) and Red Hat OpenShift updates list the vulnerability as a fix...
CVE-2019-16538
A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.67 and earlier related to the handling of default parameter expressions in closures allowed attackers to execute arbitrary code in sandboxed scripts...
PT-2019-14694 · Jenkins · Jenkins Script Security Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Script Security Plugin versions 1.67 and earlier. Description: A sandbox bypass issue related to the handling of default parameter expressions in closures allows attackers to execute arbitrary code in sandboxed scripts. Recommendations...
CVE-2018-1000865
A sandbox bypass vulnerability exists in Script Security Plugin 1.47 and earlier in groovy-sandbox/src/main/java/org/kohsuke/groovy/sandbox/SandboxTransformer.java that allows attackers with Job/Configure permission to execute arbitrary code on the Jenkins master JVM, if plugins using the Groovy...
CVE-2019-10431
A flaw was found in the Jenkins Script Security plugin. Sandbox protection could be circumvented through default parameter expressions in constructors. This allowed attackers, able to specify and run sandboxed scripts, to execute arbitrary code in the context of the Jenkins master JVM. The highes...
SUID3NUM - A Script Which Utilizes Python's Built-In Modules To Find SUID Bins, Separate Default Bins From Custom Bins, Cross-Match Those With Bins In GTFOBins' Repository & Auto-Exploit Those
A standalone Python script which utilizes Python's built-in modules to find SUID bins, separate default bins from custom bins, cross-match those with bins in GTFOBins' repository & auto-exploit those, all with colors! Description: A standalone script supporting both Python 2 & Python 3 to find out...
CVE-2019-10458
Jenkins Puppet Enterprise Pipeline 1.3.1 and earlier specifies unsafe values in its custom Script Security whitelist, allowing attackers able to execute Script Security protected scripts to execute arbitrary code...
CVE-2019-10458
Jenkins Puppet Enterprise Pipeline 1.3.1 and earlier specifies unsafe values in its custom Script Security whitelist, allowing attackers able to execute Script Security protected scripts to execute arbitrary code...
CVE-2019-10458
Summary (facts from documents): Jenkins Puppet Enterprise Pipeline 1.3.1 and earlier is affected by an unsafe Script Security whitelist that can let attackers executing Script Security protected scripts run arbitrary code. Affected component: Jenkins Puppet Enterprise Pipeline plugin; vulnerable ...
CVE-2019-10458
Jenkins Puppet Enterprise Pipeline 1.3.1 and earlier specifies unsafe values in its custom Script Security whitelist, allowing attackers able to execute Script Security protected scripts to execute arbitrary code...
PT-2019-11852 · Puppet +1 · Jenkins Puppet Enterprise Pipeline +1
Name of the Vulnerable Software and Affected Versions: Jenkins Puppet Enterprise Pipeline versions 1.3.1 and earlier. Description: The issue allows attackers to execute arbitrary code if they can execute Script Security protected scripts, due to unsafe values specified in the custom Script Securit...
CloudBees Jenkins Script Security Plugin Information Disclosure Vulnerability
CloudBees Jenkins Hudson Labs is a set of Java-based continuous integration tools developed by the US company CloudBees. The product is mainly used to monitor continuous software version releases, test projects, and some timed tasks. Dependency Graph Viewer Plugin is used in whic...
SugarCRM 9.0.1 SQL Injection
SugarCRM <= 9.0.1 Multiple SQL Injection Vulnerabilities - Software Link: https://www.sugarcrm.com - Affected Versions: Version 9.0.1 and prior versions, 8.0.3 and prior versions. -...
Unspecified Vulnerability in CloudBees Jenkins Kubernetes::Pipeline::Kubernetes Steps Plugin
CloudBees Jenkins Hudson Labs is a set of Java-based continuous integration tools developed by the US company CloudBees. The product is mainly used to monitor continuous software version release/testing projects and some timed tasks. Kubernetes::Pipeline::Arquillian Steps Plugin is used in...
CVE-2019-10431
A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.64 and earlier related to the handling of default parameter expressions in constructors allowed attackers to execute arbitrary code in sandboxed scripts...
CVE-2019-10431
A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.64 and earlier related to the handling of default parameter expressions in constructors allowed attackers to execute arbitrary code in sandboxed scripts...
Security feature bypass
A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.64 and earlier related to the handling of default parameter expressions in constructors allowed attackers to execute arbitrary code in sandboxed scripts...