609 matches found

Positive Technologies
added 2019/09/12 12:0 a.m. · 2 views

PT-2019-11793 · Jenkins · Jenkins Script Security Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Script Security Plugin versions 1.62 and earlier
Description: A sandbox bypass issue related to the handling of property names in property expressions in increment and decrement expressions allows attackers to execute arbitrary code i...

CVSS 4.9 · AI score 7.2 · EPSS 0.00162
Exploits 0 · References 7

Positive Technologies
added 2019/09/12 12:0 a.m. · 4 views

PT-2019-11788 · Jenkins · Jenkins Script Security Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Script Security Plugin versions 1.62 and earlier
Description: A sandbox bypass issue related to the handling of property names in property expressions on the left-hand side of assignment expressions allows attackers to execute arbitra...

CVSS 4.9 · AI score 7.1 · EPSS 0.00162
Exploits 0 · References 7

RedHat Linux
added 2019/09/11 5:41 a.m. · 0 views

jenkins-plugin-script-security: Sandbox bypass through method pointer expressions in Script Security Plugin

A flaw was found in the Jenkins Script Security plugin. Sandbox protection could be circumvented through crafted subexpressions used as arguments to method pointer expressions. This allows attackers the ability to specify sandboxed scripts to execute arbitrary code in the context of the Jenkins...

CVSS 8.8 · AI score 6.1 · EPSS 0.00041
Exploits 0 · References 5

RedHat Linux
added 2019/09/11 5:41 a.m. · 1 view

jenkins-plugin-script-security: Sandbox bypass through type casts in Script Security Plugin

A flaw was found in Jenkins Script Security plugin. Sandbox protection could be circumvented by casting crafted objects to other types allowing an attacker to specify sandboxed scripts to invoke constructors that weren't previously whitelisted. The highest threat from this vulnerability is to dat...

CVSS 8.8 · AI score 5.7 · EPSS 0.00041
Exploits 0 · References 5

Veracode
added 2019/09/05 12:17 a.m. · 23 views

Sandbox Restrictions Bypass

jenkins-plugin-script-security is vulnerable to Sandbox bypass. This is possible through method pointer expressions in Script Security Plugin...

CVSS 8.8 · AI score 2.5 · EPSS 0.00041
Exploits 0 · References 7 · Affected Software 1

RedHat Linux
added 2019/09/04 7:18 a.m. · 1 view

jenkins-plugin-script-security: Sandbox bypass through method pointer expressions in Script Security Plugin

A flaw was found in the Jenkins Script Security plugin. Sandbox protection could be circumvented through crafted subexpressions used as arguments to method pointer expressions. This allows attackers the ability to specify sandboxed scripts to execute arbitrary code in the context of the Jenkins...

CVSS 8.8 · AI score 6.1 · EPSS 0.00041
Exploits 0 · References 5

RedHat Linux
added 2019/09/04 7:18 a.m. · 3 views

jenkins-plugin-script-security: Sandbox bypass through type casts in Script Security Plugin

A flaw was found in Jenkins Script Security plugin. Sandbox protection could be circumvented by casting crafted objects to other types allowing an attacker to specify sandboxed scripts to invoke constructors that weren't previously whitelisted. The highest threat from this vulnerability is to dat...

CVSS 8.8 · AI score 5.7 · EPSS 0.00041
Exploits 0 · References 5

NVD
added 2019/08/07 3:15 p.m. · 13 views

CVE-2019-10380

Jenkins Simple Travis Pipeline Runner Plugin 1.0 and earlier specifies unsafe values in its custom Script Security whitelist, allowing attackers able to execute Script Security protected scripts to execute arbitrary code...

CVSS 8.8 · AI score 9 · EPSS 0.00248
Exploits 0 · References 2

OSV
added 2019/08/07 3:15 p.m. · 10 views

CVE-2019-10380

Jenkins Simple Travis Pipeline Runner Plugin 1.0 and earlier specifies unsafe values in its custom Script Security whitelist, allowing attackers able to execute Script Security protected scripts to execute arbitrary code...

CVSS 8.8 · AI score 7.4
Exploits 0 · References 2

Prion
added 2019/08/07 3:15 p.m. · 11 views

Code injection

Jenkins Simple Travis Pipeline Runner Plugin 1.0 and earlier specifies unsafe values in its custom Script Security whitelist, allowing attackers able to execute Script Security protected scripts to execute arbitrary code...

CVSS 6.5 · AI score 8.9 · EPSS 0.00248
Exploits 0 · References 2 · Affected Software 1

Cvelist
added 2019/08/07 2:20 p.m. · 13 views

CVE-2019-10380

Jenkins Simple Travis Pipeline Runner Plugin 1.0 and earlier specifies unsafe values in its custom Script Security whitelist, allowing attackers able to execute Script Security protected scripts to execute arbitrary code...

AI score 9 · EPSS 0.00248
Exploits 0 · References 2

CVE
added 2019/08/07 2:20 p.m. · 49 views

CVE-2019-10380

Summary: CVE-2019-10380 affects Jenkins Simple Travis Pipeline Runner Plugin (versions 1.0 and earlier). The root cause is unsafe values in the plugin’s custom Script Security whitelist, enabling attackers able to execute Script Security protected scripts to run arbitrary code on vulnerable Jenki...

CVSS 8.8 · AI score 8.9 · EPSS 0.00248
Exploits 0 · References 2 · Affected Software 1

Positive Technologies
added 2019/08/07 12:0 a.m. · 3 views

PT-2019-11776 · Jenkins · Jenkins Simple Travis Pipeline Runner Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Simple Travis Pipeline Runner Plugin versions 1.0 and earlier
Description: The issue allows attackers to execute arbitrary code by bypassing the Script Security sandbox protection. This is due to the plugin specifying unsafe values in...

CVSS 8.8 · AI score 9 · EPSS 0.00248
Exploits 0 · References 5

CNVD
added 2019/08/07 12:0 a.m. · 3 views

CloudBees Jenkins Script Security Plugin Security Feature Issue Vulnerability

CloudBees Jenkins Hudson Labs is a set of Java-based continuous integration tools developed by the United States company CloudBees. The product is mainly used to monitor continuous software release/testing projects and some timed tasks. Script Security Plugin is used in one of the...

CVSS 8.8 · AI score 7.5 · EPSS 0.00041
Exploits 0 · References 1

CNVD
added 2019/08/02 12:0 a.m. · 3 views

CloudBees Jenkins Script Security plugin security feature issue vulnerability (CNVD-2019-26374)

CloudBees Jenkins Hudson Labs is a set of Java-based continuous integration tools developed by the United States company CloudBees. The product is mainly used to monitor continuous software release/testing projects and some timed tasks. Script Security Plugin is used in one of the...

CVSS 8.8 · AI score 7.5 · EPSS 0.00041
Exploits 0 · References 1

OSV
added 2019/07/31 1:15 p.m. · 15 views

CVE-2019-10356

A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.61 and earlier related to the handling of method pointer expressions allowed attackers to execute arbitrary code in sandboxed scripts...

CVSS 8.8 · AI score 7.5
Exploits 0 · References 5

NVD
added 2019/07/31 1:15 p.m. · 15 views

CVE-2019-10355

A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.61 and earlier related to the handling of type casts allowed attackers to execute arbitrary code in sandboxed scripts...

CVSS 8.8 · AI score 8.9 · EPSS 0.00041
Exploits 0 · References 5

OSV
added 2019/07/31 1:15 p.m. · 24 views

CVE-2019-10355

A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.61 and earlier related to the handling of type casts allowed attackers to execute arbitrary code in sandboxed scripts...

CVSS 8.8 · AI score 7.5
Exploits 0 · References 5

NVD
added 2019/07/31 1:15 p.m. · 18 views

CVE-2019-10356

A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.61 and earlier related to the handling of method pointer expressions allowed attackers to execute arbitrary code in sandboxed scripts...

CVSS 8.8 · AI score 8.9 · EPSS 0.00041
Exploits 0 · References 5

Prion
added 2019/07/31 1:15 p.m. · 18 views

Security feature bypass

A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.61 and earlier related to the handling of type casts allowed attackers to execute arbitrary code in sandboxed scripts...

CVSS 6.5 · AI score 8.9 · EPSS 0.00041
Exploits 0 · References 5 · Affected Software 2