5 matches found
jenkins-2-plugins/script-security: Sandbox bypass vulnerability in Script Security Plugin
A flaw was found in the script-security Jenkins Plugin. In affected versions of the script-security plugin, property assignments performed implicitly by the Groovy language runtime when invoking map constructors were not intercepted by the sandbox. This vulnerability allows attackers with...
CVE-2023-28677
Jenkins Convert To Pipeline Plugin 1.0 and earlier uses basic string concatenation to convert Freestyle projects' Build Environment, Build Steps, and Post-build Actions to the equivalent Pipeline step invocations, allowing attackers able to configure Freestyle projects to prepare a crafted...
pipeline-build-step: Password parameter default values exposed
A flaw was found in Jenkins pipeline-build-step where it revealed password parameter default values when generating a pipeline script using the Pipeline snippet generator. This flaw allows attackers with item/read permission to retrieve the default password parameter value from jobs and compromis...
PT-2022-17124 · Jenkins · Jenkins Pipeline: Build Step Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Pipeline: Build Step Plugin versions 2.15 and earlier
Description: The issue allows attackers with Item/Read permission to retrieve the default password parameter value from jobs when generating a pipeline script using the Pipeline...
PT-2019-11302 · Jenkins · Groovy Plugin +2
Name of the Vulnerable Software and Affected Versions: Pipeline: Groovy Plugin versions 2.61 and earlier
Description: A sandbox bypass issue exists that allows attackers with Overall/Read permission to execute arbitrary code on the Jenkins master JVM by providing a pipeline script to an HTTP...