
14 matches found

Veracode
added 2025/12/13 4:30 a.m. | 4 views

Sandbox Bypass

org.jenkins-ci.plugins, script-security is vulnerable to sandbox bypass. The vulnerability is due to improper handling of default parameter expressions in constructors, which allows an attacker to execute arbitrary code through crafted sandboxed scripts...

CVSS 9.9 | AI score 6.2 | EPSS 0.00342
Exploits: 0 | References: 8 | Affected Software: 1
SUSE CVE
added 2023/02/15 4:8 a.m. | 1 views

SUSE CVE-2019-16538

A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.67 and earlier related to the handling of default parameter expressions in closures allowed attackers to execute arbitrary code in sandboxed scripts...

CVSS 8.8 | AI score 8.8 | EPSS 0.00176
Exploits: 0 | References: 3
OSV
added 2022/05/24 5:8 p.m. | 2 views

GHSA-99MF-F3QH-WQRP Improper Input Validation in Jenkins Pipeline: Groovy Plugin

Sandbox protection in Jenkins Pipeline: Groovy Plugin 2.78 and earlier can be circumvented through default parameter expressions in CPS-transformed methods...

CVSS 8.8 | AI score 5.8 | EPSS 0.00475
Exploits: 0 | References: 5
OSV
added 2022/05/24 4:57 p.m. | 2 views

GHSA-72GX-QQ2M-6XR2 Improper Control of Generation of Code in Jenkins Script Security Plugin

A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.64 and earlier related to the handling of default parameter expressions in constructors allowed attackers to execute arbitrary code in sandboxed scripts...

CVSS 9.9 | AI score 7.5 | EPSS 0.00342
Exploits: 0 | References: 9
RedHat Linux
added 2020/09/09 3:23 p.m. | 1 views

jenkins-pipeline-groovy-plugin: sandbox protection bypass through default parameter expressions in CPS-transformed methods

Sandbox protection in Jenkins Pipeline: Groovy Plugin 2.78 and earlier can be circumvented through default parameter expressions in CPS-transformed methods...

CVSS 8.8 | AI score 5.8 | EPSS 0.00475
Exploits: 0 | References: 5
Veracode
added 2020/06/19 3:53 a.m. | 15 views

Sandbox Restrictions Bypass

jenkins-pipeline-groovy-plugin is vulnerable to sandbox restrictions bypass. An attacker is able to bypass the sandbox protection through default parameter expressions in CPS-transformed methods...

CVSS 8.8 | AI score 3.9 | EPSS 0.00475
Exploits: 0 | References: 4 | Affected Software: 1
RedHat Linux
added 2020/06/17 10:38 p.m. | 2 views

jenkins-pipeline-groovy-plugin: sandbox protection bypass through default parameter expressions in CPS-transformed methods

Sandbox protection in Jenkins Pipeline: Groovy Plugin 2.78 and earlier can be circumvented through default parameter expressions in CPS-transformed methods...

CVSS 8.8 | AI score 5.8 | EPSS 0.00475
Exploits: 0 | References: 5
NVD
added 2020/02/12 3:15 p.m. | 16 views

CVE-2020-2109

Sandbox protection in Jenkins Pipeline: Groovy Plugin 2.78 and earlier can be circumvented through default parameter expressions in CPS-transformed methods...

CVSS 8.8 | AI score 8.7 | EPSS 0.00475
Exploits: 0 | References: 2
OSV
added 2020/02/12 3:15 p.m. | 2 views

CVE-2020-2109

Sandbox protection in Jenkins Pipeline: Groovy Plugin 2.78 and earlier can be circumvented through default parameter expressions in CPS-transformed methods...

CVSS 8.8 | AI score 5.4
Exploits: 0 | References: 2
CVE
added 2020/02/12 2:35 p.m. | 128 views

CVE-2020-2109

CVE-2020-2109 is corroborated by the GHSA entry for Jenkins Pipeline: Groovy Plugin. The vulnerability concerns sandbox protection bypass via default parameter expressions in CPS-transformed methods, affecting Jenkins Pipeline: Groovy Plugin versions 2.78 and earlier. The connected documents iden...

CVSS 8.8 | AI score 8.5 | EPSS 0.00475
Exploits: 0 | References: 2 | Affected Software: 1
RedHat Linux
added 2019/12/16 1:54 p.m. | 2 views

jenkins-script-security: Sandbox bypass vulnerability in Script Security Plugin

A flaw was found in the Jenkins Script Security plugin. Sandbox protection could be circumvented through default parameter expressions in constructors. This allowed attackers, able to specify and run sandboxed scripts, to execute arbitrary code in the context of the Jenkins master JVM. The highes...

CVSS 9.9 | AI score 6.1 | EPSS 0.00342
Exploits: 0 | References: 5
CVE
added 2019/11/21 2:11 p.m. | 122 views

CVE-2019-16538

CVE-2019-16538 is a sandbox bypass in Jenkins Script Security Plugin (1.67 and earlier) that allowed arbitrary code execution in sandboxed scripts. The issue is cited in multiple advisories (GHSA-62PM-MGRH-7P69 and RHSA-2020:3616/2737) and Red Hat OpenShift updates list the vulnerability as a fix...

CVSS 8.8 | AI score 8.8 | EPSS 0.00176
Exploits: 0 | References: 2 | Affected Software: 1
RedhatCVE
added 2019/10/23 12:36 a.m. | 22 views

CVE-2019-10431

A flaw was found in the Jenkins Script Security plugin. Sandbox protection could be circumvented through default parameter expressions in constructors. This allowed attackers, able to specify and run sandboxed scripts, to execute arbitrary code in the context of the Jenkins master JVM. The highes...

CVSS 9.9 | AI score 4.6 | EPSS 0.00342
Exploits: 0 | References: 4
Positive Technologies
added 2019/10/01 12:0 a.m. | 3 views

PT-2019-11825 · Jenkins · Jenkins Script Security Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Script Security Plugin versions 1.64 and earlier

Description: A sandbox bypass issue related to the handling of default parameter expressions in constructors allows attackers to execute arbitrary code in sandboxed scripts...

CVSS 9.9 | AI score 9.3 | EPSS 0.00342
Exploits: 0 | References: 11