
20 matches found

EUVD
added 2025/10/03 8:07 p.m., 5 views

EUVD-2022-5037

Malicious code in bioql PyPI...

8.8 CVSS | 8.5 AI score | 0.01267 EPSS
Exploits 0 | References 7

Github Security Blog
added 2022/05/24 5:08 p.m., 14 views

Improper Input Validation in Jenkins Script Security Plugin

Sandbox protection in Jenkins Script Security Plugin 1.69 and earlier could be circumvented during the script compilation phase by applying AST transforming annotations to imports or by using them inside of other annotations...

8.8 CVSS | 8.2 AI score | 0.01267 EPSS
Exploits 0 | References 5 | Affected Software 1

OSV
added 2022/05/24 4:55 p.m., 17 views

GHSA-CJR8-5RW4-WH65 Jenkins Splunk Plugin Sandbox Bypass

Jenkins Splunk Plugin has a form validation HTTP endpoint used to validate a user-submitted Groovy script through compilation, which was not subject to sandbox protection. This allowed attackers with Overall/Read access to execute arbitrary code on the Jenkins controller by applying AST...

8.8 CVSS | 9 AI score | 0.01677 EPSS
Exploits 0 | References 4

Github Security Blog
added 2022/05/24 4:55 p.m., 13 views

Jenkins Splunk Plugin Sandbox Bypass

Jenkins Splunk Plugin has a form validation HTTP endpoint used to validate a user-submitted Groovy script through compilation, which was not subject to sandbox protection. This allowed attackers with Overall/Read access to execute arbitrary code on the Jenkins controller by applying AST...

8.8 CVSS | 7.7 AI score | 0.01677 EPSS
Exploits 0 | References 5 | Affected Software 1

Github Security Blog
added 2022/05/13 1:31 a.m., 23 views

Jenkins Warnings Next Generation Plugin cross-site request forgery vulnerability

Jenkins Warnings Next Generation Plugin has a form validation HTTP endpoint used to validate a Groovy script through compilation, which was not subject to sandbox protection. The endpoint checked for the Overall/RunScripts permission, but did not require POST requests, so it was vulnerable to...

8.8 CVSS | 7.7 AI score | 0.01151 EPSS
Exploits 0 | References 3 | Affected Software 1

OSV
added 2022/05/13 1:31 a.m., 19 views

GHSA-WHF8-3H58-2W9F Jenkins Warnings Next Generation Plugin cross-site request forgery vulnerability

Jenkins Warnings Next Generation Plugin has a form validation HTTP endpoint used to validate a Groovy script through compilation, which was not subject to sandbox protection. The endpoint checked for the Overall/RunScripts permission, but did not require POST requests, so it was vulnerable to...

8.8 CVSS | 9 AI score | 0.01151 EPSS
Exploits 0 | References 2

Github Security Blog
added 2022/05/13 1:15 a.m., 27 views

Jenkins Script Security Plugin sandbox bypass vulnerability

The previously implemented script security sandbox protections prohibiting the use of unsafe AST transforming annotations such as @Grab (2019-01-08 fix for SECURITY-1266) could be circumvented through use of various Groovy language features: - Use of AnnotationCollector - Import aliasing -...

8.8 CVSS | 7.8 AI score | 0.0299 EPSS
Exploits 0 | References 6 | Affected Software 1

Github Security Blog
added 2022/05/13 1:15 a.m., 31 views

Jenkins Pipeline Declarative Plugin sandbox bypass vulnerability

Jenkins Script Security sandbox protection could be circumvented during the script compilation phase by applying AST transforming annotations such as @Grab to source code elements. Both the pipeline validation REST APIs and actual script/pipeline execution are affected. This allowed users with...

8.8 CVSS | 7.9 AI score | 0.81552 EPSS
Exploits 9 | References 9 | Affected Software 1

Github Security Blog
added 2022/05/13 1:15 a.m., 36 views

Jenkins Groovy Plugin sandbox bypass vulnerability

Jenkins Script Security sandbox protection could be circumvented during the script compilation phase by applying AST transforming annotations such as @Grab to source code elements. Both the pipeline validation REST APIs and actual script/pipeline execution are affected. This allowed users with...

8.8 CVSS | 7.7 AI score | 0.86224 EPSS
Exploits 9 | References 11 | Affected Software 3

OSV
added 2022/05/13 1:15 a.m., 30 views

GHSA-X6JX-CXG3-MGGH Jenkins Pipeline Declarative Plugin sandbox bypass vulnerability

Jenkins Script Security sandbox protection could be circumvented during the script compilation phase by applying AST transforming annotations such as @Grab to source code elements. Both the pipeline validation REST APIs and actual script/pipeline execution are affected. This allowed users with...

8.8 CVSS | 8.9 AI score | 0.81552 EPSS
Exploits 9 | References 8

NVD
added 2021/03/11 6:15 p.m., 11 views

CVE-2020-14987

An issue was discovered in Bloomreach Experience Manager brXM 4.1.0 through 14.2.2. It allows remote attackers to execute arbitrary code because there is a mishandling of the capability for administrators to write and run Groovy scripts within the updater editor. An attacker must use an AST...

9 CVSS | 0.03519 EPSS
Exploits 1 | References 1

Prion
added 2021/03/11 6:15 p.m., 10 views

Code injection

An issue was discovered in Bloomreach Experience Manager brXM 4.1.0 through 14.2.2. It allows remote attackers to execute arbitrary code because there is a mishandling of the capability for administrators to write and run Groovy scripts within the updater editor. An attacker must use an AST...

9 CVSS | 7.4 AI score | 0.03519 EPSS
Exploits 1 | References 1 | Affected Software 1

Cvelist
added 2021/03/11 5:50 p.m., 13 views

CVE-2020-14987

An issue was discovered in Bloomreach Experience Manager brXM 4.1.0 through 14.2.2. It allows remote attackers to execute arbitrary code because there is a mishandling of the capability for administrators to write and run Groovy scripts within the updater editor. An attacker must use an AST...

7.4 AI score | 0.03519 EPSS
Exploits 1 | References 1

RedHat Linux
added 2020/09/09 3:23 p.m., 3 views

jenkins-script-security-plugin: sandbox protection bypass during script compilation phase by applying AST transforming annotations

Sandbox protection in Jenkins Script Security Plugin 1.69 and earlier could be circumvented during the script compilation phase by applying AST transforming annotations to imports or by using them inside of other annotations...

8.8 CVSS | 5.8 AI score | 0.01267 EPSS
Exploits 0 | References 5

RedHat Linux
added 2020/06/29 2:37 p.m., 4 views

jenkins-script-security-plugin: sandbox protection bypass during script compilation phase by applying AST transforming annotations

Sandbox protection in Jenkins Script Security Plugin 1.69 and earlier could be circumvented during the script compilation phase by applying AST transforming annotations to imports or by using them inside of other annotations...

8.8 CVSS | 5.8 AI score | 0.01267 EPSS
Exploits 0 | References 5

Veracode
added 2020/06/19 3:53 a.m., 21 views

Remote Code Execution (RCE)

jenkins-script-security-plugin is vulnerable to sandbox protection bypass during the script compilation phase by applying AST transforming annotations...

8.8 CVSS | 2.4 AI score | 0.01267 EPSS
Exploits 0 | References 4 | Affected Software 1

RedhatCVE
added 2020/04/09 10:33 a.m., 33 views

CVE-2019-1003005

A flaw was found in the Jenkins Script Security plugin through version 1.50. The fix for CVE-2019-1003000 was found to be incomplete. Script Security sandbox protection could be circumvented during the script compilation phase by applying AST transforming annotations such as @Grab to source code...

8.8 CVSS | 0.9 AI score | 0.98428 EPSS
Exploits 17 | References 4

NVD
added 2020/02/12 3:15 p.m., 20 views

CVE-2020-2110

Sandbox protection in Jenkins Script Security Plugin 1.69 and earlier could be circumvented during the script compilation phase by applying AST transforming annotations to imports or by using them inside of other annotations...

8.8 CVSS | 8.6 AI score | 0.01267 EPSS
Exploits 0 | References 2

Prion
added 2020/02/12 3:15 p.m., 18 views

Design/Logic Flaw

Sandbox protection in Jenkins Script Security Plugin 1.69 and earlier could be circumvented during the script compilation phase by applying AST transforming annotations to imports or by using them inside of other annotations...

6.5 CVSS | 8.5 AI score | 0.01267 EPSS
Exploits 0 | References 2 | Affected Software 1

Cvelist
added 2020/02/12 2:35 p.m., 17 views

CVE-2020-2110

Sandbox protection in Jenkins Script Security Plugin 1.69 and earlier could be circumvented during the script compilation phase by applying AST transforming annotations to imports or by using them inside of other annotations...

8.6 AI score | 0.01267 EPSS
Exploits 0 | References 2