SUSE CVE-2017-1000107
Script Security Plugin did not apply sandboxing restrictions to constructor invocations via positional arguments list, super constructor invocations, method references, and type coercion expressions. This could be used to invoke arbitrary constructors and methods, bypassing sandbox protection...
Sandbox bypass in Jenkins Script Security Plugin
A sandbox bypass vulnerability involving map constructors in Jenkins Script Security Plugin 1228.vd93135a2fb25 and earlier allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary code in the context of the...
GHSA-76QJ-9GWH-PVV3 Sandbox bypass in Jenkins Script Security Plugin
A sandbox bypass vulnerability involving map constructors in Jenkins Script Security Plugin 1228.vd93135a2fb25 and earlier allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary code in the context of the...
CVE-2023-24422
A sandbox bypass vulnerability involving map constructors in Jenkins Script Security Plugin 1228.vd93135a2fb25 and earlier allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary code in the context of the...
Security feature bypass
A sandbox bypass vulnerability involving map constructors in Jenkins Script Security Plugin 1228.vd93135a2fb25 and earlier allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary code in the context of the...
CVE-2023-24422
A sandbox bypass vulnerability involving map constructors in Jenkins Script Security Plugin 1228.vd93135a2fb25 and earlier allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary code in the context of the...
CVE-2023-24422
CVE-2023-24422 affects Jenkins Script Security Plugin (versions 1228.vd93135a_2fb_25 and earlier). The vulnerability is a sandbox bypass in map constructors that lets attackers with permission to define and run sandboxed scripts (including Pipelines) execute arbitrary code in the Jenkins co...
isContract might return false for the contracts
Impact: The Turnstile contract's register function assumes the msg.sender is a smart contract. The validation of this is carried out in eventhandler.go's ValidateContract function. ValidateContract checks whether the address has an emptyCodeHash which is zero...
Sandbox Bypass
Jenkins Script Security Plugin is vulnerable to Sandbox Bypass. The vulnerability exists as the plugin rejects improper calls to sandbox-generated synthetic constructors, which allows an attacker to bypass sandbox restrictions and execute arbitrary code...
PT-2022-26889 · Jenkins · Jenkins Pipeline: Shared Groovy Libraries Plugin +2
Name of the Vulnerable Software and Affected Versions: Jenkins Pipeline: Groovy Libraries Plugin versions 612.v84da 9c54906d and earlier Jenkins Pipeline: Deprecated Groovy Libraries Plugin versions 583.vf3b 454e43966 and earlier Description: A sandbox bypass issue allows attackers with permissio...
CVE-2022-23770 WISA Smart Wing CMS Remote Command Execution Vulnerability
This vulnerability could allow a remote attacker to execute remote commands with improper validation of parameters of certain API constructors. Remote attackers could use this vulnerability to execute malicious commands such as directory traversal...
CVE-2022-23770
CVE-2022-23770 affects WISA Smart Wing CMS (WISA Korea). The connected documents describe a remote command execution risk caused by improper validation of parameters of certain API constructors, enabling exploits such as directory traversal. The vulnerability is reported across multiple feeds, bu...
GHSA-QVHF-3567-PC4V Sandbox bypass vulnerability in Script Security Plugin
Sandbox protection in Script Security Plugin 1.70 and earlier can be circumvented through:
- Crafted constructor calls and bodies due to an incomplete fix of SECURITY-582
- Crafted method calls on objects that implement GroovyInterceptable
This allows attackers able to specify and run sandboxed...
GHSA-72GX-QQ2M-6XR2 Improper Control of Generation of Code in Jenkins Script Security Plugin
A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.64 and earlier related to the handling of default parameter expressions in constructors allowed attackers to execute arbitrary code in sandboxed scripts...
Sandbox bypass vulnerability in Jenkins Pipeline: Groovy Plugin
A sandbox bypass vulnerability in Jenkins Pipeline: Groovy Plugin 2.64 and earlier allows attackers to invoke arbitrary constructors in sandboxed scripts...
GHSA-3PV3-JJ4H-P528 Sandbox bypass vulnerability in Jenkins Script Security Plugin
A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.55 and earlier allows attackers to invoke arbitrary constructors in sandboxed scripts...
GHSA-X74X-QF5J-35JH Sandbox bypass vulnerability in Jenkins Pipeline: Groovy Plugin
A sandbox bypass vulnerability in Jenkins Pipeline: Groovy Plugin 2.64 and earlier allows attackers to invoke arbitrary constructors in sandboxed scripts...
EthAssetManager and ThreePoolAssetManager don't control Meta tokens decimals
Both contracts treat meta assets as if they have fixed decimals of 18. Minting logic breaks when it's not the case. However, meta tokens decimals aren't controlled. If actual meta assets have any other decimals, minting slippage control logic of both contracts...
GHSA-H2XH-JVPF-XQ42 Zope does not properly perform security registration for legacy names
Zope 2.2.0 through 2.2.4 does not properly perform security registration for legacy names of object constructors such as DTML method objects, which could allow attackers to perform unauthorized activities...
Zope does not properly perform security registration for legacy names
Zope 2.2.0 through 2.2.4 does not properly perform security registration for legacy names of object constructors such as DTML method objects, which could allow attackers to perform unauthorized activities...