20 matches found
Sandbox Bypass
org.jenkins-ci.plugins, script-security is vulnerable to sandbox bypass. The vulnerability is due to improper handling of default parameter expressions in constructors, which allows an attacker to execute arbitrary code through crafted sandboxed scripts...
perl-HTTP-Tiny security update
0.076-461 - Changes the verifySSL default parameter from 0 to 1 - CVE-2023-31486 - Resolves: rhbz2228412...
SUSE CVE-2019-16538
A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.67 and earlier related to the handling of default parameter expressions in closures allowed attackers to execute arbitrary code in sandboxed scripts...
GHSA-99MF-F3QH-WQRP Improper Input Validation in Jenkins Pipeline: Groovy Plugin
Sandbox protection in Jenkins Pipeline: Groovy Plugin 2.78 and earlier can be circumvented through default parameter expressions in CPS-transformed methods...
GHSA-72GX-QQ2M-6XR2 Improper Control of Generation of Code in Jenkins Script Security Plugin
A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.64 and earlier related to the handling of default parameter expressions in constructors allowed attackers to execute arbitrary code in sandboxed scripts...
CVE-2021-26626
An improper input validation vulnerability in XPLATFORM's execBrowser method can lead to execution of arbitrary commands. If the second parameter value of the execBrowser function is ‘default’, the first parameter value could be passed to the ShellExecuteW API. The passed parameter is an arbitrary code to ...
redis: Integer overflow issue with strings
An integer overflow issue was found in redis in the underlying string library. The vulnerability involves changing the default "proto-max-bulk-len" configuration parameter to a very large value and constructing specially crafted network payloads or commands. This flaw allows a remote attacker to...
jenkins-pipeline-groovy-plugin: sandbox protection bypass through default parameter expressions in CPS-transformed methods
Sandbox protection in Jenkins Pipeline: Groovy Plugin 2.78 and earlier can be circumvented through default parameter expressions in CPS-transformed methods...
jenkins-pipeline-groovy-plugin: sandbox protection bypass through default parameter expressions in CPS-transformed methods
Sandbox protection in Jenkins Pipeline: Groovy Plugin 2.78 and earlier can be circumvented through default parameter expressions in CPS-transformed methods...
Sandbox Restrictions Bypass
jenkins-pipeline-groovy-plugin is vulnerable to sandbox restrictions bypass. An attacker is able to bypass the sandbox protection through default parameter expressions in CPS-transformed methods...
jenkins-pipeline-groovy-plugin: sandbox protection bypass through default parameter expressions in CPS-transformed methods
Sandbox protection in Jenkins Pipeline: Groovy Plugin 2.78 and earlier can be circumvented through default parameter expressions in CPS-transformed methods...
CVE-2020-2109
Sandbox protection in Jenkins Pipeline: Groovy Plugin 2.78 and earlier can be circumvented through default parameter expressions in CPS-transformed methods...
CVE-2020-2109
Sandbox protection in Jenkins Pipeline: Groovy Plugin 2.78 and earlier can be circumvented through default parameter expressions in CPS-transformed methods...
CVE-2020-2109
CVE-2020-2109 is corroborated by the GHSA entry for Jenkins Pipeline: Groovy Plugin. The vulnerability concerns sandbox protection bypass via default parameter expressions in CPS-transformed methods, affecting Jenkins Pipeline: Groovy Plugin versions 2.78 and earlier. The connected documents iden...
jenkins-script-security: Sandbox bypass vulnerability in Script Security Plugin
A flaw was found in the Jenkins Script Security plugin. Sandbox protection could be circumvented through default parameter expressions in constructors. This allowed attackers, able to specify and run sandboxed scripts, to execute arbitrary code in the context of the Jenkins master JVM. The highes...
CVE-2019-16538
CVE-2019-16538 is a sandbox bypass in Jenkins Script Security Plugin (1.67 and earlier) that allowed arbitrary code execution in sandboxed scripts. The issue is cited in multiple advisories (GHSA-62PM-MGRH-7P69 and RHSA-2020:3616/2737) and Red Hat OpenShift updates list the vulnerability as a fix...
CVE-2019-10431
A flaw was found in the Jenkins Script Security plugin. Sandbox protection could be circumvented through default parameter expressions in constructors. This allowed attackers, able to specify and run sandboxed scripts, to execute arbitrary code in the context of the Jenkins master JVM. The highes...
PT-2019-11825 · Jenkins · Jenkins Script Security Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Script Security Plugin versions 1.64 and earlier Description: A sandbox bypass issue related to the handling of default parameter expressions in constructors allows attackers to execute arbitrary code in sandboxed scripts...
CyberLink LabelPrint Buffer Overflow Vulnerability
CyberLink LabelPrint is fast, easy-to-use CD-ROM labeling software that supports the latest LightScribe CD-ROM cover burning technology. A stack buffer overflow vulnerability exists in CyberLink LabelPrint version 2.5. A remote attacker can use the 'author', 'artist', 'artist' or 'default'...
SQL injection vulnerability in LiveX video conferencing system/default.asp parameter of Shanghai Caiman Software Technology Co.
LiveX video conferencing system of Shanghai ColorManager Software Technology Co., Ltd. is a mobile HD video conferencing system solution. There is a SQL injection vulnerability in the parameter /default.asp of LiveX Video Conference System of Shanghai Color League Software Technology Co., Ltd,...