609 matches found
CVE-2019-10431
A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.64 and earlier related to the handling of default parameter expressions in constructors allowed attackers to execute arbitrary code in sandboxed scripts...
CVE-2019-10431
CVE-2019-10431 relates to a sandbox bypass in Jenkins Script Security Plugin (versions 1.64 and earlier) where improper handling of default parameter expressions in constructors could allow an attacker to run arbitrary code in sandboxed scripts. The issue is described in the GitHub advisory GHSA-...
Multiple Jenkins Plugins Multiple Security Vulnerabilities
Description: Jenkins plugins are prone to the following vulnerabilities: 1. An HTML-injection vulnerability; 2. Multiple information-disclosure vulnerabilities; 3. A security-bypass vulnerability. An attacker may leverage these issues to steal cookie-based authentication credentials, gain access to...
PT-2019-11825 · Jenkins · Jenkins Script Security Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Script Security Plugin versions 1.64 and earlier. Description: A sandbox bypass issue related to the handling of default parameter expressions in constructors allows attackers to execute arbitrary code in sandboxed scripts...
CVE-2019-10418
Jenkins Kubernetes :: Pipeline :: Arquillian Steps Plugin provides a custom whitelist for script security that allowed attackers to invoke arbitrary methods, bypassing typical sandbox protection...
CVE-2019-10417
Jenkins Kubernetes :: Pipeline :: Kubernetes Steps Plugin provides a custom whitelist for script security that allowed attackers to invoke arbitrary methods, bypassing typical sandbox protection...
CVE-2019-10417
Jenkins Kubernetes :: Pipeline :: Kubernetes Steps Plugin provides a custom whitelist for script security that allowed attackers to invoke arbitrary methods, bypassing typical sandbox protection...
CVE-2019-10418
Jenkins Kubernetes :: Pipeline :: Arquillian Steps Plugin provides a custom whitelist for script security that allowed attackers to invoke arbitrary methods, bypassing typical sandbox protection...
Code injection
Jenkins Kubernetes :: Pipeline :: Arquillian Steps Plugin provides a custom whitelist for script security that allowed attackers to invoke arbitrary methods, bypassing typical sandbox protection...
Code injection
Jenkins Kubernetes :: Pipeline :: Kubernetes Steps Plugin provides a custom whitelist for script security that allowed attackers to invoke arbitrary methods, bypassing typical sandbox protection...
CVE-2019-10418
The CVE-2019-10418 vulnerability affects the Jenkins Kubernetes :: Pipeline :: Arquillian Steps Plugin. It stems from a custom script-security whitelist that improperly allowed invocation of arbitrary methods, bypassing the usual sandbox protections. Public references describe the issue and its i...
CVE-2019-10418
Jenkins Kubernetes :: Pipeline :: Arquillian Steps Plugin provides a custom whitelist for script security that allowed attackers to invoke arbitrary methods, bypassing typical sandbox protection...
CVE-2019-10417
The CVE refers to Jenkins Kubernetes :: Pipeline :: Kubernetes Steps Plugin where a flawed custom Script Security whitelist allowed attackers to invoke arbitrary methods, bypassing the sandbox and potentially executing code. The entries from multiple sources corroborate that this is tied to the p...
PT-2019-11812 · Jenkins · Jenkins Kubernetes :: Pipeline :: Arquillian Steps Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Kubernetes :: Pipeline :: Arquillian Steps Plugin (affected versions not specified). Description: The issue allows attackers to invoke arbitrary methods, bypassing typical sandbox protection, due to a custom whitelist for script security...
PT-2019-11811 · Jenkins · Jenkins Kubernetes :: Pipeline :: Kubernetes Steps Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Kubernetes :: Pipeline :: Kubernetes Steps Plugin (affected versions not specified). Description: The issue concerns a custom whitelist for script security in the Jenkins Kubernetes :: Pipeline :: Kubernetes Steps Plugin, which allowed...
Jenkins Security Advisory 2019-01-08 Multiple Vulnerabilities
Jenkins running on the remote web server has one or more plugins affected by the following vulnerabilities: - A sandbox bypass vulnerability exists in Script Security Plugin 1.49 and earlier in src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/GroovySandbox.java that allows attackers...
CloudBees Jenkins Script Security plugin sandbox bypass vulnerability (CNVD-2019-32022)
CloudBees Jenkins Hudson Labs is a set of Java-based continuous integration tools developed by the US company CloudBees. The product is mainly used to monitor continuous software release/testing projects and some scheduled tasks. Script Security Plugin is used in one of the...
CloudBees Jenkins Script Security plugin sandbox bypass vulnerability (CNVD-2019-32021)
CloudBees Jenkins Hudson Labs is a set of Java-based continuous integration tools developed by the US company CloudBees. The product is mainly used to monitor continuous software release/testing projects and some scheduled tasks. Script Security Plugin is used in one of the...
CloudBees Jenkins Script Security Plugin Input Validation Error Vulnerability
CloudBees Jenkins Hudson Labs is a set of Java-based continuous integration tools developed by the US company CloudBees. The product is mainly used to monitor continuous software release/testing projects and some scheduled tasks. Script Security Plugin is used in one of the...
CloudBees Jenkins Script Security plugin sandbox bypass vulnerability
CloudBees Jenkins Hudson Labs is a set of Java-based continuous integration tools developed by the US company CloudBees. The product is mainly used to monitor continuous software release/testing projects and some scheduled tasks. Script Security Plugin is used in one of the...