7 matches found
Sandbox Protection Bypass
io.fabric8.pipeline:kubernetes-pipeline-arquillian-steps is vulnerable to Sandbox Protection Bypass. The vulnerability is due to an overly permissive custom script security whitelist, which allows an attacker to invoke arbitrary methods and bypass sandbox restrictions...
com.btc.ep:btc-embeddedplatform (>=1.9.2-beta <=2.5.9), com.openshift.jenkins:openshift-pipeline (>=1.0.14 <=1.0.57) +39 more potentially affected by CVE-2022-43401 via org.jenkins-ci.plugins.workflow:workflow-cps (>=0.1-beta-1 <=2660.vb_c0412dc4e6d)
org.jenkins-ci.plugins.workflow:workflow-cps MAVEN version =0.1-beta-1, =1.9.2-beta, =1.0.14, =1.3.0, =0.9.0, =1.22, =1.0, =1.0, =1.0, =0.1-beta-1, =0.1-beta-5, =1.9-beta-1, =2.3 and more Source cves: CVE-2022-43401 Source advisory: OSV:GHSA-7VR5-72W7-Q6JC...
io.fabric8.pipeline:kubernetes-pipeline-aggregator (=1.3) potentially affected by CVE-2019-10417 via io.fabric8.pipeline:kubernetes-pipeline-steps (=1.3)
io.fabric8.pipeline:kubernetes-pipeline-steps MAVEN version =1.3 is affected by a known vulnerability. The following packages have a transitive dependency on io.fabric8.pipeline:kubernetes-pipeline-steps and may be impacted: - io.fabric8.pipeline:kubernetes-pipeline-aggregator =1.3 Source cves:...
com.btc.ep:btc-embeddedplatform (>=1.9.2-beta <=2.5.9), com.logmein:pipeline-bamboo (>=0.0.1 <=0.0.2) +94 more potentially affected by CVE-2022-25173 via org.jenkins-ci.plugins.workflow:workflow-cps (>=0.1-beta-1 <=2.92)
org.jenkins-ci.plugins.workflow:workflow-cps MAVEN version =0.1-beta-1, =1.9.2-beta, =0.0.1, =8.0.12, =0.8, =1.0.14, =1.3.0, =1.0, =0.9.0, =1.0, =1.22, =0.0.8, =y - io.fabric8.pipeline:kubernetes-pipeline-aggregator =1.3 and more Source cves: CVE-2022-25173 Source advisory: OSV:GHSA-4M7P-55JM-3VW...
Unspecified Vulnerability in CloudBees Jenkins Kubernetes::Pipeline::Kubernetes Steps Plugin
CloudBees Jenkins Hudson Labs is a set of U.S. CloudBees company based on Java development of continuous integration tools . The product is mainly used to monitor the continuous software version release/testing project and some timed tasks.Kubernetes::Pipeline::Arquillian Steps Plugin is used in...
CVE-2019-10418
Jenkins Kubernetes :: Pipeline :: Arquillian Steps Plugin provides a custom whitelist for script security that allowed attackers to invoke arbitrary methods, bypassing typical sandbox protection...
CVE-2019-10417
Jenkins Kubernetes :: Pipeline :: Kubernetes Steps Plugin provides a custom whitelist for script security that allowed attackers to invoke arbitrary methods, bypassing typical sandbox protection...