8 matches found
jenkins-plugin/pipeline-model-definition: Jenkins Pipeline Declarative Plugin Allows Restart of Builds with Unapproved Jenkinsfile
A flaw was found in Jenkins Pipeline: Declarative Plugin pipeline-model-definition. This vulnerability allows attackers with Item/Build permission to restart a previous build whose Jenkinsfile script is no longer approved via insufficient script approval checks...
jenkins-plugin/pipeline-model-definition: Jenkins Pipeline Declarative Plugin Allows Restart of Builds with Unapproved Jenkinsfile
A flaw was found in Jenkins Pipeline: Declarative Plugin pipeline-model-definition. This vulnerability allows attackers with Item/Build permission to restart a previous build whose Jenkinsfile script is no longer approved via insufficient script approval checks...
jenkins-plugin/pipeline-model-definition: Jenkins Pipeline Declarative Plugin Allows Restart of Builds with Unapproved Jenkinsfile
A flaw was found in Jenkins Pipeline: Declarative Plugin pipeline-model-definition. This vulnerability allows attackers with Item/Build permission to restart a previous build whose Jenkinsfile script is no longer approved via insufficient script approval checks...
PT-2024-35373 · Jenkins · Jenkins Pipeline: Declarative Plugin
Name of the Vulnerable Software and Affected Versions: Jenkins Pipeline: Declarative Plugin versions 2.2214.vb b 34b 2ea 9b 83 and earlier Description: The issue allows attackers with Item/Build permission to restart a previous build whose Jenkinsfile script is no longer approved, as the plugin...
CSRF protection for any URL can be bypassed in Jenkins Pipeline: Input Step Plugin
Pipeline: Input Step Plugin 451.vf1aa4f405289 and earlier does not restrict or sanitize the optionally specified ID of the input step. This ID is used for the URLs that process user interactions for the given input step proceed or abort and is not correctly encoded. This allows attackers able to...
Security feature bypass
A sandbox bypass vulnerability exists in Pipeline: Declarative Plugin 1.3.3 and earlier in pipeline-model-definition/src/main/groovy/org/jenkinsci/plugins/pipeline/modeldefinition/parser/Converter.groovy that allows attackers with Overall/Read permission to provide a pipeline script to an HTTP...
CVE-2019-1003002
A sandbox bypass vulnerability exists in Pipeline: Declarative Plugin 1.3.3 and earlier in pipeline-model-definition/src/main/groovy/org/jenkinsci/plugins/pipeline/modeldefinition/parser/Converter.groovy that allows attackers with Overall/Read permission to provide a pipeline script to an HTTP...
CVE-2019-1003002
A sandbox bypass vulnerability exists in Pipeline: Declarative Plugin 1.3.3 and earlier in pipeline-model-definition/src/main/groovy/org/jenkinsci/plugins/pipeline/modeldefinition/parser/Converter.groovy that allows attackers with Overall/Read permission to provide a pipeline script to an HTTP...