3 matches found
PT-2022-26901 · Jenkins · Jenkins Katalon Plugin
Name of the Vulnerable Software and Affected Versions: Jenkins Katalon Plugin versions 1.0.32 and earlier
Description: The issue allows attackers who can control agent processes to invoke Katalon on the Jenkins controller with attacker-controlled version, install location, and arguments...
GHSA-6Q78-6XVR-26FG Jenkins Groovy Plugin sandbox bypass vulnerability
Jenkins Script Security sandbox protection could be circumvented during the script compilation phase by applying AST transforming annotations such as @Grab to source code elements. Both the pipeline validation REST APIs and actual script/pipeline execution are affected. This allowed users with...
jenkins: Agent-to-controller access control allowed writing to sensitive directory used by Pipeline: Shared Groovy Libraries Plugin
An incorrect permissions validation vulnerability was found in Jenkins. An agent process's read/write access to the libs/ directory inside build directories is not limited when using the FilePath APIs. This allows attackers in control of agent processes to replace the code of a trusted library with...