4 matches found
Overleaf 安全漏洞
Overleaf is an open source online real-time collaborative LaTeX editor from Overleaf Open Source. A security vulnerability exists in Overleaf that stems from an insecure configuration of the LaTeX compiler by default...
Jenkins Splunk Plugin Sandbox Bypass
Jenkins Splunk Plugin has a form validation HTTP endpoint used to validate a user-submitted Groovy script through compilation, which was not subject to sandbox protection. This allowed attackers with Overall/Read access to execute arbitrary code on the Jenkins controller by applying AST...
GHSA-WHF8-3H58-2W9F Jenkins Warnings Next Generation Plugin cross-site request forgery vulnerability
Jenkins Warnings Next Generation Plugin has a form validation HTTP endpoint used to validate a Groovy script through compilation, which was not subject to sandbox protection. The endpoint checked for the Overall/RunScripts permission, but did not require POST requests, so it was vulnerable to...
GHSA-XFWJ-2F34-32F5 Jenkins Groovy Plugin sandbox bypass vulnerability
A sandbox bypass vulnerability exists in Jenkins Groovy Plugin 2.0 and earlier in src/main/java/hudson/plugins/groovy/StringScriptSource.java that allows attackers with Overall/Read permission to provide a Groovy script to an HTTP endpoint that can result in arbitrary code execution on the Jenkin...