22 matches found
EUVD-2022-4918
Malicious code in bioql PyPI...
jenkins-plugin/pipeline-model-definition: Jenkins Pipeline Declarative Plugin Allows Restart of Builds with Unapproved Jenkinsfile
A flaw was found in Jenkins Pipeline: Declarative Plugin pipeline-model-definition. This vulnerability allows attackers with Item/Build permission to restart a previous build whose Jenkinsfile script is no longer approved via insufficient script approval checks...
jenkins-plugin/workflow-cps: Lack of Approval Check for Rebuilt Jenkins Pipelines
A flaw was found in the Jenkins Pipeline: Groovy Plugin jenkins-plugin/workflow-cps. This vulnerability allows attackers with Item/Build permission to rebuild a previous build whose main Jenkinsfile script is no longer approved, bypassing script approval checks via the rebuild action...
jenkins-plugin/pipeline-model-definition: Jenkins Pipeline Declarative Plugin Allows Restart of Builds with Unapproved Jenkinsfile
A flaw was found in Jenkins Pipeline: Declarative Plugin pipeline-model-definition. This vulnerability allows attackers with Item/Build permission to restart a previous build whose Jenkinsfile script is no longer approved via insufficient script approval checks...
jenkins-plugin/workflow-cps: Lack of Approval Check for Rebuilt Jenkins Pipelines
A flaw was found in the Jenkins Pipeline: Groovy Plugin jenkins-plugin/workflow-cps. This vulnerability allows attackers with Item/Build permission to rebuild a previous build whose main Jenkinsfile script is no longer approved, bypassing script approval checks via the rebuild action...
jenkins-plugin/pipeline-model-definition: Jenkins Pipeline Declarative Plugin Allows Restart of Builds with Unapproved Jenkinsfile
A flaw was found in Jenkins Pipeline: Declarative Plugin pipeline-model-definition. This vulnerability allows attackers with Item/Build permission to restart a previous build whose Jenkinsfile script is no longer approved via insufficient script approval checks...
jenkins-plugin/pipeline-model-definition: Jenkins Pipeline Declarative Plugin Allows Restart of Builds with Unapproved Jenkinsfile
A flaw was found in Jenkins Pipeline: Declarative Plugin pipeline-model-definition. This vulnerability allows attackers with Item/Build permission to restart a previous build whose Jenkinsfile script is no longer approved via insufficient script approval checks...
jenkins-plugin/pipeline-model-definition: Jenkins Pipeline Declarative Plugin Allows Restart of Builds with Unapproved Jenkinsfile
A flaw was found in Jenkins Pipeline: Declarative Plugin pipeline-model-definition. This vulnerability allows attackers with Item/Build permission to restart a previous build whose Jenkinsfile script is no longer approved via insufficient script approval checks...
jenkins-plugin/workflow-cps: Lack of Approval Check for Rebuilt Jenkins Pipelines
A flaw was found in the Jenkins Pipeline: Groovy Plugin jenkins-plugin/workflow-cps. This vulnerability allows attackers with Item/Build permission to rebuild a previous build whose main Jenkinsfile script is no longer approved, bypassing script approval checks via the rebuild action...
jenkins-plugin/pipeline-model-definition: Jenkins Pipeline Declarative Plugin Allows Restart of Builds with Unapproved Jenkinsfile
A flaw was found in Jenkins Pipeline: Declarative Plugin pipeline-model-definition. This vulnerability allows attackers with Item/Build permission to restart a previous build whose Jenkinsfile script is no longer approved via insufficient script approval checks...
jenkins-plugin/workflow-cps: Lack of Approval Check for Rebuilt Jenkins Pipelines
A flaw was found in the Jenkins Pipeline: Groovy Plugin jenkins-plugin/workflow-cps. This vulnerability allows attackers with Item/Build permission to rebuild a previous build whose main Jenkinsfile script is no longer approved, bypassing script approval checks via the rebuild action...
Build Replay Attack
org.jenkins-ci.plugins.workflow, workflow-cps is vulnerable to Build Replay Attack. The vulnerability is due to the plugin not verifying whether the main Jenkinsfile script for a rebuilt build is approved, allowing attackers with Item/Build permission to rebuild a previous build with an unapprove...
GHSA-P2QQ-C693-Q53W Restarting a run with revoked script approval allowed by Jenkins Pipeline: Declarative Plugin
Jenkins Pipeline: Declarative Plugin 2.2214.vbb34b2ea9b83 and earlier does not check whether the main Jenkinsfile script used to restart a build from a specific stage is approved, allowing attackers with Item/Build permission to restart a previous build whose Jenkinsfile script is no longer...
Rebuilding a run with revoked script approval allowed by Jenkins Pipeline: Groovy Plugin
Jenkins Pipeline: Groovy Plugin 3990.vd281dd77a388 and earlier, except 3975.3977.v478dd9e956c3 does not check whether the main Jenkinsfile script for a rebuilt build is approved, allowing attackers with Item/Build permission to rebuild a previous build whose Jenkinsfile script is no longer...
Restarting a run with revoked script approval allowed by Jenkins Pipeline: Declarative Plugin
Jenkins Pipeline: Declarative Plugin 2.2214.vbb34b2ea9b83 and earlier does not check whether the main Jenkinsfile script used to restart a build from a specific stage is approved, allowing attackers with Item/Build permission to restart a previous build whose Jenkinsfile script is no longer...
CVE-2022-45379
A flaw was found in the script-security Jenkins Plugin. SHA-1 no longer meets the security standards for producing a cryptographically secure message digest. The affected version of the script-security Plugin stores whole-script approvals as the SHA-1 hash of the approved script...
GHSA-Q87G-7MP5-765Q Improper Neutralization of Input During Web Page Generation in Jenkins Script Security Plugin
Jenkins Script Security Plugin 1.72 and earlier does not correctly escape pending or approved classpath entries on the In-process Script Approval page, resulting in a stored cross-site scripting vulnerability...
Exposure of Sensitive Information to an Unauthorized Actor Jenkins Script Security Plugin
In Jenkins Script Security Plugin version 1.36 and earlier, users with the ability to configure sandboxed Groovy scripts are able to use a type coercion feature in Groovy to create new File objects from strings. This allowed reading arbitrary files on the Jenkins master file system. Such a type...
jenkins-script-security-plugin: cross-site scripting vulnerability due to configure sandboxed scripts
Jenkins Script Security Plugin 1.72 and earlier does not correctly escape pending or approved classpath entries on the In-process Script Approval page, resulting in a stored cross-site scripting vulnerability...
Cross-site Scripting (XSS)
jenkins-script-security-plugin is vulnerable to cross-site scripting XSS. The vulnerability exists it does not correctly escape pending or approved classpath entries on the In-process Script Approval page...