609 matches found
CVE-2019-1003000
A sandbox bypass vulnerability exists in Script Security Plugin 1.49 and earlier in src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/GroovySandbox.java that allows attackers with the ability to provide sandboxed scripts to execute arbitrary code on the Jenkins master JVM...
CVE-2019-1003000
A sandbox bypass vulnerability exists in Script Security Plugin 1.49 and earlier in src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/GroovySandbox.java that allows attackers with the ability to provide sandboxed scripts to execute arbitrary code on the Jenkins master JVM...
CVE-2019-1003000
A sandbox bypass vulnerability exists in Script Security Plugin 1.49 and earlier in src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/GroovySandbox.java that allows attackers with the ability to provide sandboxed scripts to execute arbitrary code on the Jenkins master JVM...
CVE-2019-1003000
CVE-2019-1003000 is a sandbox bypass/remote code execution flaw in Jenkins via the Script Security Plugin (and depending on Groovy/Declarative plugins). Affected components include Script Security Plugin versions up to 1.49 and earlier, with vulnerable code in GroovySandbox.java that lets attacke...
PT-2019-11301 · Jenkins · Script Security Plugin +1
Name of the Vulnerable Software and Affected Versions: Script Security Plugin versions 1.49 and earlier Description: A sandbox bypass issue exists that allows attackers with the ability to provide sandboxed scripts to execute arbitrary code on the Jenkins master JVM. This is due to a vulnerabilit...
PT-2019-11303 · Jenkins · Pipeline: Declarative Plugin +1
Name of the Vulnerable Software and Affected Versions: Pipeline: Declarative Plugin versions 1.3.3 and earlier Description: A sandbox bypass issue exists that allows attackers with Overall/Read permission to execute arbitrary code on the Jenkins master JVM by providing a pipeline script to an HTT...
PT-2019-11302 · Jenkins · Groovy Plugin +2
Name of the Vulnerable Software and Affected Versions: Pipeline: Groovy Plugin versions 2.61 and earlier Description: A sandbox bypass issue exists that allows attackers with Overall/Read permission to execute arbitrary code on the Jenkins master JVM by providing a pipeline script to an HTTP...
CVE-2018-1000865
A sandbox bypass vulnerability exists in Script Security Plugin 1.47 and earlier in groovy-sandbox/src/main/java/org/kohsuke/groovy/sandbox/SandboxTransformer.java that allows attackers with Job/Configure permission to execute arbitrary code on the Jenkins master JVM, if plugins using the Groovy...
CVE-2018-1000865
A sandbox bypass vulnerability exists in Script Security Plugin 1.47 and earlier in groovy-sandbox/src/main/java/org/kohsuke/groovy/sandbox/SandboxTransformer.java that allows attackers with Job/Configure permission to execute arbitrary code on the Jenkins master JVM, if plugins using the Groovy...
CVE-2018-1000865
A sandbox bypass vulnerability exists in Script Security Plugin 1.47 and earlier in groovy-sandbox/src/main/java/org/kohsuke/groovy/sandbox/SandboxTransformer.java that allows attackers with Job/Configure permission to execute arbitrary code on the Jenkins master JVM, if plugins using the Groovy...
CVE-2018-1000865
CVE-2018-1000865 describes a sandbox bypass in Jenkins: Script Security Plugin 1.47 and earlier, via groovy-sandbox/SandboxTransformer.java, allows attackers with Job/Configure permission to run arbitrary code on the Jenkins master JVM if Groovy sandboxed plugins are installed. Connected referenc...
CVE-2017-2650
It was found that the use of Pipeline: Classpath Step Jenkins plugin enables a bypass of the Script Security sandbox for users with SCM commit access, as well as users with e.g. Job/Configure permission in Jenkins...
CVE-2017-2650
It was found that the use of Pipeline: Classpath Step Jenkins plugin enables a bypass of the Script Security sandbox for users with SCM commit access, as well as users with e.g. Job/Configure permission in Jenkins...
Design/Logic Flaw
It was found that the use of Pipeline: Classpath Step Jenkins plugin enables a bypass of the Script Security sandbox for users with SCM commit access, as well as users with e.g. Job/Configure permission in Jenkins...
CVE-2017-2650
It was found that the use of Pipeline: Classpath Step Jenkins plugin enables a bypass of the Script Security sandbox for users with SCM commit access, as well as users with e.g. Job/Configure permission in Jenkins...
CVE-2017-2650
The CVE-2017-2650 entry concerns the Jenkins Pipeline: Classpath Step plugin, where the Script Security sandbox can be bypassed. The issue affects Jenkins environments using this plugin, enabling users with SCM commit access or with permissions such as Job/Configure to bypass sandbox restrictions...
CVE-2017-1000505
In Jenkins Script Security Plugin version 1.36 and earlier, users with the ability to configure sandboxed Groovy scripts are able to use a type coercion feature in Groovy to create new File objects from strings. This allowed reading arbitrary files on the Jenkins master file system. Such a type...
Jenkins Script Security Plugin Arbitrary File Read Vulnerability
CloudBees Jenkins CI formerly known as Hudson Labs is the United States CloudBees company's set of Java-based development of continuous integration tools , it is mainly used to monitor the continuous software release/testing projects and some of the timed execution of the task . Script Security...
CVE-2017-1000505
In Jenkins Script Security Plugin version 1.36 and earlier, users with the ability to configure sandboxed Groovy scripts are able to use a type coercion feature in Groovy to create new File objects from strings. This allowed reading arbitrary files on the Jenkins master file system. Such a type...
Type confusion
In Jenkins Script Security Plugin version 1.36 and earlier, users with the ability to configure sandboxed Groovy scripts are able to use a type coercion feature in Groovy to create new File objects from strings. This allowed reading arbitrary files on the Jenkins master file system. Such a type...