
19 matches found

RedHat Linux
added 2025/03/04 2:39 p.m. | 5 views

jenkins-plugin/pipeline-model-definition: Jenkins Pipeline Declarative Plugin Allows Restart of Builds with Unapproved Jenkinsfile

A flaw was found in Jenkins Pipeline: Declarative Plugin pipeline-model-definition. This vulnerability allows attackers with Item/Build permission to restart a previous build whose Jenkinsfile script is no longer approved via insufficient script approval checks...

CVSS: 8 | AI score: 5.7 | EPSS: 0.00567
Exploits: 0 | References: 5

RedHat Linux
added 2025/03/04 2:38 p.m. | 4 views

jenkins-plugin/pipeline-model-definition: Jenkins Pipeline Declarative Plugin Allows Restart of Builds with Unapproved Jenkinsfile

A flaw was found in Jenkins Pipeline: Declarative Plugin pipeline-model-definition. This vulnerability allows attackers with Item/Build permission to restart a previous build whose Jenkinsfile script is no longer approved via insufficient script approval checks...

CVSS: 8 | AI score: 5.7 | EPSS: 0.00567
Exploits: 0 | References: 5

RedHat Linux
added 2025/03/04 2:20 p.m. | 3 views

jenkins-plugin/pipeline-model-definition: Jenkins Pipeline Declarative Plugin Allows Restart of Builds with Unapproved Jenkinsfile

A flaw was found in Jenkins Pipeline: Declarative Plugin pipeline-model-definition. This vulnerability allows attackers with Item/Build permission to restart a previous build whose Jenkinsfile script is no longer approved via insufficient script approval checks...

CVSS: 8 | AI score: 5.7 | EPSS: 0.00567
Exploits: 0 | References: 5

RedHat Linux
added 2025/03/04 2:19 p.m. | 2 views

jenkins-plugin/pipeline-model-definition: Jenkins Pipeline Declarative Plugin Allows Restart of Builds with Unapproved Jenkinsfile

A flaw was found in Jenkins Pipeline: Declarative Plugin pipeline-model-definition. This vulnerability allows attackers with Item/Build permission to restart a previous build whose Jenkinsfile script is no longer approved via insufficient script approval checks...

CVSS: 8 | AI score: 5.7 | EPSS: 0.00567
Exploits: 0 | References: 5

RedhatCVE
added 2024/11/15 7:50 a.m. | 13 views

CVE-2024-52551

A flaw was found in Jenkins Pipeline: Declarative Plugin pipeline-model-definition. This vulnerability allows attackers with Item/Build permission to restart a previous build whose Jenkinsfile script is no longer approved via insufficient script approval checks. Mitigation Mitigation for this iss...

CVSS: 8 | AI score: 7.6 | EPSS: 0.00567
Exploits: 0 | References: 4

Github Security Blog
added 2024/11/13 9:30 p.m. | 18 views

Restarting a run with revoked script approval allowed by Jenkins Pipeline: Declarative Plugin

Jenkins Pipeline: Declarative Plugin 2.2214.vbb34b2ea9b83 and earlier does not check whether the main Jenkinsfile script used to restart a build from a specific stage is approved, allowing attackers with Item/Build permission to restart a previous build whose Jenkinsfile script is no longer...

CVSS: 8 | AI score: 6.8 | EPSS: 0.00567
Exploits: 0 | References: 3 | Affected Software: 1

OSV
added 2024/11/13 9:30 p.m. | 11 views

GHSA-P2QQ-C693-Q53W Restarting a run with revoked script approval allowed by Jenkins Pipeline: Declarative Plugin

Jenkins Pipeline: Declarative Plugin 2.2214.vbb34b2ea9b83 and earlier does not check whether the main Jenkinsfile script used to restart a build from a specific stage is approved, allowing attackers with Item/Build permission to restart a previous build whose Jenkinsfile script is no longer...

CVSS: 8 | AI score: 7.7 | EPSS: 0.00567
Exploits: 0 | References: 3

OSV
added 2024/11/13 9:15 p.m. | 4 views

CVE-2024-52551

Jenkins Pipeline: Declarative Plugin 2.2214.vbb34b2ea9b83 and earlier does not check whether the main Jenkinsfile script used to restart a build from a specific stage is approved, allowing attackers with Item/Build permission to restart a previous build whose Jenkinsfile script is no longer...

CVSS: 8 | AI score: 7.6
Exploits: 0 | References: 1

CVE
added 2024/11/13 8:53 p.m. | 116 views

CVE-2024-52551

CVE-2024-52551 affects Jenkins Pipeline Declarative Plugin up to version 2.2214.vb_b_34b_2ea_9b_83 and earlier, allowing restart of a build from a specific stage using an unapproved Jenkinsfile. The underlying issue is an unchecked approval state for the main Jenkinsfile when restarting a prior b...

CVSS: 8 | AI score: 6.9 | EPSS: 0.00567
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2024/11/13 8:53 p.m. | 28 views

CVE-2024-52551

Jenkins Pipeline: Declarative Plugin 2.2214.vbb34b2ea9b83 and earlier does not check whether the main Jenkinsfile script used to restart a build from a specific stage is approved, allowing attackers with Item/Build permission to restart a previous build whose Jenkinsfile script is no longer...

EPSS: 0.00567
Exploits: 0 | References: 1

Vulnrichment
added 2024/11/13 8:53 p.m. | 14 views

CVE-2024-52551

Jenkins Pipeline: Declarative Plugin 2.2214.vbb34b2ea9b83 and earlier does not check whether the main Jenkinsfile script used to restart a build from a specific stage is approved, allowing attackers with Item/Build permission to restart a previous build whose Jenkinsfile script is no longer...

AI score: 6.7 | EPSS: 0.00567
Exploits: 0 | References: 1

Positive Technologies
added 2024/11/13 12:0 a.m. | 6 views

PT-2024-35373 · Jenkins · Jenkins Pipeline: Declarative Plugin

Name of the Vulnerable Software and Affected Versions: Jenkins Pipeline: Declarative Plugin versions 2.2214.vb b 34b 2ea 9b 83 and earlier Description: The issue allows attackers with Item/Build permission to restart a previous build whose Jenkinsfile script is no longer approved, as the plugin...

CVSS: 8 | AI score: 6.4 | EPSS: 0.00567
Exploits: 0 | References: 7

Github Security Blog
added 2022/10/19 7:0 p.m. | 34 views

CSRF protection for any URL can be bypassed in Jenkins Pipeline: Input Step Plugin

Pipeline: Input Step Plugin 451.vf1aa4f405289 and earlier does not restrict or sanitize the optionally specified ID of the input step. This ID is used for the URLs that process user interactions for the given input step proceed or abort and is not correctly encoded. This allows attackers able to...

CVSS: 8.8 | AI score: 8.7 | EPSS: 0.00493
Exploits: 0 | References: 5 | Affected Software: 1

Positive Technologies
added 2022/10/19 12:0 a.m. | 4 views

PT-2022-26891 · Jenkins · Jenkins Pipeline: Input Step Plugin +2

Name of the Vulnerable Software and Affected Versions: Jenkins Pipeline: Input Step Plugin versions 451.vf1a a 4f405289 and earlier Pipeline: Declarative Plugin versions 2.2114.v2654ca 721309 and earlier Description: The issue arises from the Jenkins Pipeline: Input Step Plugin not restricting or...

CVSS: 8.8 | AI score: 8.5 | EPSS: 0.00493
Exploits: 0 | References: 8

RedhatCVE
added 2019/01/25 2:20 p.m. | 37 views

CVE-2019-1003001

A flaw was found in Jenkins Pipeline. In the Declarative plugin, the script sandbox protection could be circumvented during the script compilation phase by applying AST. Both the pipeline validation REST APIs and the actual script/pipeline execution are affected. This allows users with Overall/Re...

CVSS: 8.8 | AI score: 1 | EPSS: 0.86224
Exploits: 9 | References: 3

Prion
added 2019/01/22 2:29 p.m. | 21 views

Security feature bypass

A sandbox bypass vulnerability exists in Pipeline: Declarative Plugin 1.3.3 and earlier in pipeline-model-definition/src/main/groovy/org/jenkinsci/plugins/pipeline/modeldefinition/parser/Converter.groovy that allows attackers with Overall/Read permission to provide a pipeline script to an HTTP...

CVSS: 6.5 | AI score: 8.9 | EPSS: 0.81552
Exploits: 9 | References: 6 | Affected Software: 1

OSV
added 2019/01/22 2:29 p.m. | 29 views

CVE-2019-1003002

A sandbox bypass vulnerability exists in Pipeline: Declarative Plugin 1.3.3 and earlier in pipeline-model-definition/src/main/groovy/org/jenkinsci/plugins/pipeline/modeldefinition/parser/Converter.groovy that allows attackers with Overall/Read permission to provide a pipeline script to an HTTP...

CVSS: 8.8 | AI score: 7.3
Exploits: 0 | References: 6

NVD
added 2019/01/22 2:29 p.m. | 19 views

CVE-2019-1003002

A sandbox bypass vulnerability exists in Pipeline: Declarative Plugin 1.3.3 and earlier in pipeline-model-definition/src/main/groovy/org/jenkinsci/plugins/pipeline/modeldefinition/parser/Converter.groovy that allows attackers with Overall/Read permission to provide a pipeline script to an HTTP...

CVSS: 8.8 | AI score: 8.9 | EPSS: 0.81552
Exploits: 9 | References: 6

Cvelist
added 2019/01/22 2:0 p.m. | 39 views

CVE-2019-1003002

A sandbox bypass vulnerability exists in Pipeline: Declarative Plugin 1.3.3 and earlier in pipeline-model-definition/src/main/groovy/org/jenkinsci/plugins/pipeline/modeldefinition/parser/Converter.groovy that allows attackers with Overall/Read permission to provide a pipeline script to an HTTP...

AI score: 8.9 | EPSS: 0.81552
Exploits: 9 | References: 6