Arbitrary code execution vulnerability in Jenkins Speaks! Plugin

Jenkins Speaks! Plugin, all current versions, allows users with Job/Configure permission to run arbitrary Groovy code inside the Jenkins JVM, effectively elevating privileges to Overall/Run Scripts...

GHSA-GH38-X2WM-XMC8 Code injection in ShenYu

Groovy Code Injection & SpEL Injection which lead to Remote Code Execution. This issue affected Apache ShenYu 2.4.0 and 2.4.1...

Apache ShenYu Code Injection Vulnerability

Apache ShenYu is an asynchronous , high-performance , cross-language , responsive API gateway of the United States Apache Apache Foundation . Apache ShenYu has a code injection vulnerability in versions 2.4.0 and 2.4.1 that stems from an improperly designed or implemented code development process...

CVE-2021-45029 Apache ShenYu 2.4.1 Groovy Code Injection & SpEL Injection

Groovy Code Injection & SpEL Injection which lead to Remote Code Execution. This issue affected Apache ShenYu 2.4.0 and 2.4.1...

GitHub Security Lab: [Java] CWE-094: Query to detect Groovy Code Injections

This bug was reported directly to GitHub Security Lab...

Crlf injection

OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, there is a critical vulnerability involving the build endpoint parameters. InputSpec is used to define parameters of a Build spec. It does so by using dynamically generated Groovy classes. A user able to control job paramete...

PT-2021-14358 · Onedev · Onedev

Name of the Vulnerable Software and Affected Versions: OneDev versions prior to 4.0.3 Description: OneDev is an all-in-one devops platform with a critical issue involving the build endpoint parameters. The InputSpec is used to define parameters of a Build spec, utilizing dynamically generated...

Code injection

An issue was discovered in reportedit.jsp in Determine formerly Selectica Contract Lifecycle Management CLM v5.4. Any authenticated user may execute Groovy code when generating a report, resulting in arbitrary code execution on the underlying server...

CVE-2019-20155

An issue was discovered in reportedit.jsp in Determine formerly Selectica Contract Lifecycle Management CLM v5.4. Any authenticated user may execute Groovy code when generating a report, resulting in arbitrary code execution on the underlying server...

CVE-2019-10390

A sandbox bypass vulnerability in Jenkins Splunk Plugin 1.7.4 and earlier allowed attackers with Overall/Read permission to provide a Groovy script to an HTTP endpoint that can result in arbitrary code execution on the Jenkins master JVM...

CloudBees Jenkins Speaks! plugin arbitrary code execution vulnerability

CloudBees Jenkins formerly known as Hudson Labs is a set of Java-based continuous integration tools from CloudBees, Inc. that are used to monitor the order of repetitive work.Speaks! Plugin is a voice plugin used in... A security vulnerability exists in the CloudBees Jenkins Speaks! plugin. An...

Elevation Of Privileges

speaks is vulnerable to elevation of privileges. Users who have the Job/Configure permission can run Groovy code inside the Jenkins JVM, elevating their privilege to Overall/Run Scripts...

CVE-2017-1000403

Jenkins Speaks! Plugin, all current versions, allows users with Job/Configure permission to run arbitrary Groovy code inside the Jenkins JVM, effectively elevating privileges to Overall/Run Scripts...

CVE-2017-1000403

Jenkins Speaks! Plugin, all current versions, allows users with Job/Configure permission to run arbitrary Groovy code inside the Jenkins JVM, effectively elevating privileges to Overall/Run Scripts...

CVE-2016-6521

Cross-site request forgery CSRF vulnerability in Grails console aka Grails Debug Console and Grails Web Console 2.0.7, 1.5.10, and earlier allows remote attackers to hijack the authentication of users for requests that execute arbitrary Groovy code via unspecified vectors...

CVE-2016-6521

Cross-site request forgery CSRF vulnerability in Grails console aka Grails Debug Console and Grails Web Console 2.0.7, 1.5.10, and earlier allows remote attackers to hijack the authentication of users for requests that execute arbitrary Groovy code via unspecified vectors...

Cross site request forgery (csrf)

Cross-site request forgery CSRF vulnerability in Grails console aka Grails Debug Console and Grails Web Console 2.0.7, 1.5.10, and earlier allows remote attackers to hijack the authentication of users for requests that execute arbitrary Groovy code via unspecified vectors...

CVE-2016-6521

CVE-2016-6521: CSRF vulnerability in Grails console (Grails Debug Console / Grails Web Console) versions 2.0.7, 1.5.10 and earlier. It allows remote attackers to hijack user authentication for requests that execute arbitrary Groovy code via unspecified vectors. Affected products/versions are name...

CVE-2016-6521

Cross-site request forgery CSRF vulnerability in Grails console aka Grails Debug Console and Grails Web Console 2.0.7, 1.5.10, and earlier allows remote attackers to hijack the authentication of users for requests that execute arbitrary Groovy code via unspecified vectors...

Exploit for CVE-2015-1427

Elasticsearch 1.4.0 1.4.2 Remote Code Execution Elastics...