Lucene search
K

4 matches found

CNNVD
CNNVD
added 2024/09/02 12:0 a.m.6 views

Overleaf 安全漏洞

Overleaf is an open source online real-time collaborative LaTeX editor from Overleaf Open Source. A security vulnerability exists in Overleaf that stems from an insecure configuration of the LaTeX compiler by default...

5.4CVSS6.8AI score0.00341EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2022/05/24 4:55 p.m.14 views

Jenkins Splunk Plugin Sandbox Bypass

Jenkins Splunk Plugin has a form validation HTTP endpoint used to validate a user-submitted Groovy script through compilation, which was not subject to sandbox protection. This allowed attackers with Overall/Read access to execute arbitrary code on the Jenkins controller by applying AST...

8.8CVSS7.7AI score0.01677EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2022/05/13 1:31 a.m.21 views

GHSA-WHF8-3H58-2W9F Jenkins Warnings Next Generation Plugin cross-site request forgery vulnerability

Jenkins Warnings Next Generation Plugin has a form validation HTTP endpoint used to validate a Groovy script through compilation, which was not subject to sandbox protection. The endpoint checked for the Overall/RunScripts permission, but did not require POST requests, so it was vulnerable to...

8.8CVSS9AI score0.01151EPSS
Exploits0References2
OSV
OSV
added 2022/05/13 1:15 a.m.21 views

GHSA-XFWJ-2F34-32F5 Jenkins Groovy Plugin sandbox bypass vulnerability

A sandbox bypass vulnerability exists in Jenkins Groovy Plugin 2.0 and earlier in src/main/java/hudson/plugins/groovy/StringScriptSource.java that allows attackers with Overall/Read permission to provide a Groovy script to an HTTP endpoint that can result in arbitrary code execution on the Jenkin...

8.8CVSS9AI score0.0155EPSS
Exploits0References3
Rows per page
Query Builder