Lucene search
K

8 matches found

EUVD
EUVD
added 2026/03/26 1:40 p.m.6 views

EUVD-2026-16189

OneUptime is an open-source monitoring and observability platform. Prior to version 10.0.35, a low-privileged authenticated user ProjectMember can achieve remote command execution on the Probe container/host by abusing Synthetic Monitor Playwright script execution. Synthetic monitor code is...

9.9CVSS6.2AI score0.00832EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/03/26 12:0 a.m.8 views

OneUptime 安全漏洞

OneUptime is a comprehensive open-source solution developed by OneUptime. It is used to monitor and manage your online services. Versions of OneUptime prior to 10.0.35 contained security vulnerabilities; these vulnerabilities stemmed from an incomplete sandbox blocklist, which could lead to remot...

9.9CVSS5.8AI score0.00832EPSS
Exploits1References2
OSV
OSV
added 2022/05/14 3:40 a.m.3 views

GHSA-P3G4-9XFV-WQ9V Arbitrary code execution due to incomplete sandbox protection in Pipeline: Supporting APIs Plugin

Jenkins Pipeline: Supporting APIs Plugin 2.17 and earlier have an arbitrary code execution due to incomplete sandbox protection: Methods related to Java deserialization like readResolve implemented in Pipeline scripts were not subject to sandbox protection, and could therefore execute arbitrary...

8.8CVSS6.5AI score0.02617EPSS
Exploits0References3
OSV
OSV
added 2022/05/13 1:40 a.m.20 views

GHSA-MHWQ-4MH7-FV7C Arbitrary code execution due to incomplete sandbox protection in Jenkins Pipeline

Arbitrary code execution due to incomplete sandbox protection: Constructors, instance variable initializers, and instance initializers in Pipeline scripts were not subject to sandbox protection, and could therefore execute arbitrary code. This could be exploited e.g. by regular Jenkins users with...

8.8CVSS9.1AI score0.01608EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2022/05/13 1:40 a.m.22 views

Arbitrary code execution due to incomplete sandbox protection in Jenkins Pipeline

Arbitrary code execution due to incomplete sandbox protection: Constructors, instance variable initializers, and instance initializers in Pipeline scripts were not subject to sandbox protection, and could therefore execute arbitrary code. This could be exploited e.g. by regular Jenkins users with...

8.8CVSS7.8AI score0.01608EPSS
Exploits0References4Affected Software1
RedhatCVE
RedhatCVE
added 2018/02/06 10:19 p.m.33 views

CVE-2018-1000058

Jenkins Pipeline: Supporting APIs Plugin 2.17 and earlier have an arbitrary code execution due to incomplete sandbox protection: Methods related to Java deserialization like readResolve implemented in Pipeline scripts were not subject to sandbox protection, and could therefore execute arbitrary...

8.8CVSS3.6AI score0.02617EPSS
Exploits0References1
Cvelist
Cvelist
added 2017/10/04 1:0 a.m.31 views

CVE-2017-1000096

Arbitrary code execution due to incomplete sandbox protection: Constructors, instance variable initializers, and instance initializers in Pipeline scripts were not subject to sandbox protection, and could therefore execute arbitrary code. This could be exploited e.g. by regular Jenkins users with...

9.1AI score0.01608EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2017/09/08 3:14 a.m.4 views

jenkins-plugin-workflow-cps: Arbitrary code execution due to incomplete sandbox protection (SECURITY-551)

The jenkins-plugin-script-security has incomplete sandbox protection which allows attackers to execute arbitrary code via constructors, instance variable initializers, and instance initializers in Pipeline scripts. Exploitation of this requires the attacker to have permission to configure Pipelin...

8.8CVSS7.1AI score0.01608EPSS
Exploits0References5
Rows per page
Query Builder