
609 matches found

RedHat Linux
added 2019/04/10 6:34 p.m. · 1 views

jenkins-plugin-script-security: Sandbox Bypass in Script Security Plugin (SECURITY-1292)

A flaw was found in the Jenkins Script Security plugin through version 1.50. The fix for CVE-2019-1003000 was found to be incomplete. Script Security sandbox protection could be circumvented during the script compilation phase by applying AST transforming annotations such as @Grab to source code...

CVSS 8.8 · AI score 6.9 · EPSS 0.94443
Exploits 17 · References 5
RedhatCVE
added 2019/04/01 4:20 a.m. · 17 views

CVE-2019-1003040

A flaw was found in the Jenkins Script Security plugin. Groovy Plugins could be circumvented through methods supporting type casts and type coercion allowing attackers to invoke constructors for arbitrary types. The highest threat from this vulnerability is to data confidentiality and integrity a...

CVSS 9.8 · AI score 4.3 · EPSS 0.01799
Exploits 0 · References 3
CNVD
added 2019/04/01 12:0 a.m. · 3 views

CloudBees Jenkins Sandbox Bypass Vulnerability (CNVD-2019-09287)

CloudBees Jenkins Hudson Labs is a set of Java-based continuous integration tools from the US company CloudBees. The product is mainly used to monitor continuous software release and testing projects and some scheduled tasks. Script Security Plugin is used in one of the...

CVSS 9.8 · AI score 7.1 · EPSS 0.01799
Exploits 0 · References 1
Prion
added 2019/03/28 6:29 p.m. · 15 views

Security feature bypass

A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.55 and earlier allows attackers to invoke arbitrary constructors in sandboxed scripts...

CVSS 7.5 · AI score 9.5 · EPSS 0.01799
Exploits 0 · References 4 · Affected Software 2
NVD
added 2019/03/28 6:29 p.m. · 14 views

CVE-2019-1003040

A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.55 and earlier allows attackers to invoke arbitrary constructors in sandboxed scripts...

CVSS 9.8 · AI score 9.6 · EPSS 0.01799
Exploits 0 · References 4
OSV
added 2019/03/28 6:29 p.m. · 13 views

CVE-2019-1003040

A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.55 and earlier allows attackers to invoke arbitrary constructors in sandboxed scripts...

CVSS 9.8 · AI score 7.1
Exploits 0 · References 4
Cvelist
added 2019/03/28 5:59 p.m. · 13 views

CVE-2019-1003040

A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.55 and earlier allows attackers to invoke arbitrary constructors in sandboxed scripts...

AI score 9.6 · EPSS 0.01799
Exploits 0 · References 4
CVE
added 2019/03/28 5:59 p.m. · 93 views

CVE-2019-1003040

The CVE-2019-1003040 entry covers a sandbox bypass in Jenkins Script Security Plugin (versions 1.55 and earlier). The underlying issue allows an attacker to invoke arbitrary constructors from sandboxed Groovy scripts, effectively bypassing sandbox protections. Documented as a security vulnerabili...

CVSS 9.8 · AI score 9.4 · EPSS 0.01799
Exploits 0 · References 4 · Affected Software 1
Positive Technologies
added 2019/03/25 12:0 a.m. · 1 views

PT-2019-2578 · Jenkins · Jenkins Script Security Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Script Security Plugin versions 1.55 and earlier Description: The issue is related to a sandbox bypass vulnerability in the Jenkins Script Security Plugin, which is caused by incorrect type conversion. This allows a remote attacker to...

CVSS 10 · AI score 6.7 · EPSS 0.01799
Exploits 0 · References 12
RedhatCVE
added 2019/03/18 11:19 a.m. · 27 views

CVE-2019-1003029

A flaw was found in the Jenkins Script Security plugin version 1.53. An attacker with Overall/Read permissions is able to escape the sandbox and execute arbitrary code on the Jenkins master JVM. The highest threat from this vulnerability is to data confidentiality and integrity as well as system...

CVSS 9.9 · AI score 4 · EPSS 0.92647
Exploits 3 · References 3
Prion
added 2019/03/08 9:29 p.m. · 25 views

Security feature bypass

A sandbox bypass vulnerability exists in Jenkins Script Security Plugin 1.53 and earlier in src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/GroovySandbox.java, src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/SecureGroovyScript.java that allows attackers with...

CVSS 6.5 · AI score 9.7 · EPSS 0.92647
Exploits 3 · References 4 · Affected Software 2
NVD
added 2019/03/08 9:29 p.m. · 19 views

CVE-2019-1003029

A sandbox bypass vulnerability exists in Jenkins Script Security Plugin 1.53 and earlier in src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/GroovySandbox.java, src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/SecureGroovyScript.java that allows attackers with...

CVSS 9.9 · AI score 9.8 · EPSS 0.92647
Exploits 3 · References 5
CVE
added 2019/03/08 9:0 p.m. · 1041 views

CVE-2019-1003029

CVE-2019-1003029 describes a sandbox bypass in Jenkins Script Security Plugin (versions ≤ 1.53) that lets attackers with Overall/Read permission execute arbitrary code on the Jenkins master JVM. Affected components are in the plugin’s Groovy sandbox: GroovySandbox.java and SecureGroovyScript.java...

CVSS 9.9 · AI score 9.6 · EPSS 0.92647
In wild · Exploits 3 · References 5 · Affected Software 1
Cvelist
added 2019/03/08 9:0 p.m. · 25 views

CVE-2019-1003029

A sandbox bypass vulnerability exists in Jenkins Script Security Plugin 1.53 and earlier in src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/GroovySandbox.java, src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/SecureGroovyScript.java that allows attackers with...

AI score 9.8 · EPSS 0.92647
Exploits 3 · References 4
Vulnrichment
added 2019/03/08 9:0 p.m. · 11 views

CVE-2019-1003029

A sandbox bypass vulnerability exists in Jenkins Script Security Plugin 1.53 and earlier in src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/GroovySandbox.java, src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/SecureGroovyScript.java that allows attackers with...

AI score 7.6 · EPSS 0.92647
Exploits 3 · References 4
ATTACKERKB
added 2019/03/08 12:0 a.m. · 32 views

CVE-2019-1003029

A sandbox bypass vulnerability exists in Jenkins Script Security Plugin 1.53 and earlier in src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/GroovySandbox.java, src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/SecureGroovyScript.java that allows attackers with...

CVSS 9.9 · AI score 5.4 · EPSS 0.92647
In wild · Exploits 3 · References 7
Positive Technologies
added 2019/03/06 12:0 a.m. · 7 views

PT-2019-2299 · Jenkins · Jenkins Script Security Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Script Security Plugin versions 1.53 and earlier Description: A sandbox bypass vulnerability exists in the Jenkins Script Security Plugin that allows attackers with Overall/Read permission to execute arbitrary code on the Jenkins mast...

CVSS 9.9 · AI score 9.7 · EPSS 0.92647
Exploits 3 · References 19
0day.today
added 2019/02/25 12:0 a.m. · 56 views

Jenkins Plugin Script Security 1.49/Declarative 1.3.4/Groovy 2.60 - Remote Code Execution Exploit

Exploit for java platform in category web applications !/usr/bin/env python Exploit Title : jenkins-preauth-rce-exploit.py Authors : wetw0rk & 0xtavian Vendor Homepage : https://jenkins.oi Software Link : https://jenkins.io/download/ Tested on : jenkins=v2.73 Plugins: Script Security=v1.49,...

AI score 9 · EPSS 0.94443
Exploits 18
Packet Storm
added 2019/02/25 12:0 a.m. · 80 views

Jenkins Script Security 1.49 / Declarative 1.3.4 / Groovy 2.60 Remote Code Execution

!/usr/bin/env python Exploit Title : jenkins-preauth-rce-exploit.py Date : 02/23/2019 Authors : wetw0rk & 0xtavian Vendor Homepage : https://jenkins.oi Software Link : https://jenkins.io/download/ Tested on : jenkins=v2.73 Plugins: Script Security=v1.49, Pipeline: Declarative=v1.3.4, Pipeline:...

CVSS 6.5 · AI score 8.2 · EPSS 0.94443
Exploits 17
exploitpack
added 2019/02/25 12:0 a.m. · 58 views

Jenkins Plugin Script Security 1.49/Declarative 1.3.4/Groovy 2.60 - Remote Code Execution

Jenkins Plugin Script Security 1.49/Declarative 1.3.4/Groovy 2.60 - Remote Code Execution !/usr/bin/env python Exploit Title : jenkins-preauth-rce-exploit.py Date : 02/23/2019 Authors : wetw0rk & 0xtavian Vendor Homepage : https://jenkins.oi Software Link : https://jenkins.io/download/ Tested on :...

CVSS 6.5 · AI score 8.4 · EPSS 0.94443
Exploits 17