91 matches found
CVE-2026-57281
CVE-2026-57281 affects Jenkins Script Security Plugin 1402.v94c9ce464861 and earlier. The root cause is that the plugin does not reject Groovy AST transformation annotations carrying an extensions member, which can allow attackers to run sandboxed Groovy scripts to execute code outside the sandbo...
EUVD-2026-38761
Jenkins Script Security Plugin 1402.v94c9ce464861 and earlier does not reject Groovy AST transformation annotations carrying an extensions member, allowing attackers able to run sandboxed Groovy scripts to execute code outside the sandbox if a suitable script is present on the classpath of the...
CVE-2026-57280
CVE-2026-57280 affects Jenkins Script Security Plugin (versions up to and including 1402.v94c9ce464861). The issue is that sandboxed Groovy scripts do not intercept implicit type casts in elements of typed for-each loops, which can allow a user-supplied script to invoke arbitrary constructors...
RHCOS 4 : OpenShift Container Platform 4.3.35 jenkins-2-plugins (RHSA-2020:3616)
The remote Red Hat Enterprise Linux CoreOS 4 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:3616 advisory. - jenkins-script-security-plugin: sandbox protection bypass leads to execute arbitrary code in sandboxed scripts CVE-2019-16538 -...
RHCOS 3 : OpenShift Container Platform 3.11 jenkins-2-plugins (RHSA-2019:4055)
The remote Red Hat Enterprise Linux CoreOS 3 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2019:4055 advisory. - jenkins-script-security-plugin: handling of method names in method call expressions allowed attackers to execute arbitrary code in...
RHCOS 4 : OpenShift Container Platform 4.1 jenkins-2-plugins (RHSA-2019:4089)
The remote Red Hat Enterprise Linux CoreOS 4 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2019:4089 advisory. - jenkins-script-security-plugin: handling of method names in method call expressions allowed attackers to execute arbitrary code in...
RHCOS 4 : OpenShift Container Platform 4.2 jenkins-2-plugins (RHSA-2019:4097)
The remote Red Hat Enterprise Linux CoreOS 4 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2019:4097 advisory. - jenkins-script-security-plugin: handling of method names in method call expressions allowed attackers to execute arbitrary code in...
RHCOS 3 : Red Hat OpenShift Container Platform 3.11 jenkins-2-plugins (RHSA-2019:0739)
The remote Red Hat Enterprise Linux CoreOS 3 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2019:0739 advisory. - jenkins-plugin-script-security: Sandbox Bypass in Script Security Plugin SECURITY-1292 CVE-2019-1003005 -...
Jenkins Script Security Plugin: Missing permission checks allow enumeration of pending and approved classpaths
Jenkins Script Security Plugin versions 1399.ve6a66547f6e1 and earlier do not perform a permission check in an HTTP endpoint. This allows attackers with Overall/Read permission to enumerate pending and approved Script Security classpaths. Script Security Plugin 1402.v94c9ce464861 requires...
Jenkins Script Security Plugin Security Vulnerability
The Jenkins Script Security Plugin is an open-source plugin developed by Jenkins that provides security controls and permission checks for automated script execution. The Jenkins Script Security Plugin versions 1399.ve6a66547f6e1 and earlier contain security vulnerabilities. These vulnerabilities...
EUVD-2016-4157
Malware in sbrugna...
EUVD-2022-4918
Malicious code in bioql PyPI...
EUVD-2022-6986
Malicious code in bioql PyPI...
EUVD-2022-2690
Malicious code in bioql PyPI...
EUVD-2022-5034
Malicious code in bioql PyPI...
EUVD-2022-5684
Malicious code in bioql PyPI...
EUVD-2024-1357
Malicious code in bioql PyPI...
EUVD-2022-3365
Malicious code in bioql PyPI...
EUVD-2022-2227
Malicious code in bioql PyPI...
EUVD-2022-4680
Malicious code in bioql PyPI...