Lucene search
K

10 matches found

Tenable Nessus
Tenable Nessus
added 2024/04/28 12:0 a.m.40 views

RHEL 8 : jenkins and jenkins-2-plugins (RHSA-2023:3198)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:3198 advisory. Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cro...

9.9CVSS8.1AI score0.99931EPSS
Exploits52References48
Tenable Nessus
Tenable Nessus
added 2024/04/28 12:0 a.m.38 views

RHEL 8 : OpenShift Developer Tools and Services for OCP 4.12 (RHSA-2023:1064)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:1064 advisory. Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cro...

9.9CVSS6.9AI score0.03571EPSS
Exploits4References33
RedHat Linux
RedHat Linux
added 2023/03/06 9:1 a.m.113 views

Critical: Red Hat Security Advisory: OpenShift Developer Tools and Services for OCP 4.12 security update

An update for Jenkins and Jenkins-2-plugins is now available for OpenShift Developer Tools and Services for OCP 4.12. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...

9.9CVSS6.7AI score0.03571EPSS
Exploits4References16
vulnersOsv
vulnersOsv
added 2022/10/19 7:0 p.m.5 views

com.btc.ep:btc-embeddedplatform (>=1.9.2-beta <=2.5.9), com.openshift.jenkins:openshift-pipeline (>=1.0.14 <=1.0.57) +39 more potentially affected by CVE-2022-43404 via org.jenkins-ci.plugins.workflow:workflow-cps (>=0.1-beta-1 <=2660.vb_c0412dc4e6d)

org.jenkins-ci.plugins.workflow:workflow-cps MAVEN version =0.1-beta-1, =1.9.2-beta, =1.0.14, =1.3.0, =0.9.0, =1.22, =1.0, =1.0, =1.0, =0.1-beta-1, =0.1-beta-5, =1.9-beta-1, =2.3 and more Source cves: CVE-2022-43404 Source advisory: OSV:GHSA-27RF-8MJP-R363...

9.9CVSS7.7AI score0.01095EPSS
Exploits0
OSV
OSV
added 2022/10/19 7:0 p.m.55 views

GHSA-7VR5-72W7-Q6JC Sandbox bypass vulnerabilities in Jenkins Script Security Plugin and in Pipeline: Groovy Plugin

Script Security Plugin provides a sandbox feature that allows low privileged users to define scripts, including Pipelines, that are generally safe to execute. Calls to code defined inside a sandboxed script are intercepted, and various allowlists are checked to determine whether the call is to be...

8.8CVSS9.9AI score0.01211EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2022/10/19 7:0 p.m.68 views

Sandbox bypass vulnerabilities in Jenkins Script Security Plugin and in Pipeline: Groovy Plugin

Script Security Plugin provides a sandbox feature that allows low privileged users to define scripts, including Pipelines, that are generally safe to execute. Calls to code defined inside a sandboxed script are intercepted, and various allowlists are checked to determine whether the call is to be...

9.9CVSS9.5AI score0.01428EPSS
Exploits0References4Affected Software2
Github Security Blog
Github Security Blog
added 2022/10/19 7:0 p.m.46 views

Sandbox bypass vulnerabilities in Jenkins Script Security Plugin and in Pipeline: Groovy Plugin

Script Security Plugin provides a sandbox feature that allows low privileged users to define scripts, including Pipelines, that are generally safe to execute. Calls to code defined inside a sandboxed script are intercepted, and various allowlists are checked to determine whether the call is to be...

9.9CVSS9.5AI score0.01428EPSS
Exploits0References4Affected Software2
Cvelist
Cvelist
added 2022/10/19 12:0 a.m.47 views

CVE-2022-43404

A sandbox bypass vulnerability involving crafted constructor bodies and calls to sandbox-generated synthetic constructors in Jenkins Script Security Plugin 1183.v774b0b0aa451 and earlier allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandb...

9.8AI score0.01095EPSS
Exploits0References2
CVE
CVE
added 2022/10/19 12:0 a.m.148 views

CVE-2022-43404

CVE-2022-43404: A sandbox bypass in Jenkins Script Security Plugin (versions up to 1183.v774b_0b_0a_a_451 and earlier) allows authenticated/authorized users to bypass the sandbox and execute arbitrary code in the Jenkins controller JVM via crafted constructor bodies and calls to sandbox-generated...

9.9CVSS9.5AI score0.01095EPSS
Exploits0References2Affected Software1
AlpineLinux
AlpineLinux
added 2022/10/19 12:0 a.m.37 views

CVE-2022-43404

A sandbox bypass vulnerability involving crafted constructor bodies and calls to sandbox-generated synthetic constructors in Jenkins Script Security Plugin 1183.v774b0b0aa451 and earlier allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandb...

9.9CVSS4.8AI score0.01095EPSS
Exploits0References3
Rows per page
Query Builder