Code Injection

org.jenkins-ci.plugins.workflow, puppet-enterprise-pipeline is vulnerable to code injection The vulnerability is due to unsafe values specified in the custom Script Security whitelist, which allows an attacker with the ability to execute Script Security-protected scripts to execute arbitrary code...

PT-2019-11852 · Puppet +1 · Jenkins Puppet Enterprise Pipeline +1

Name of the Vulnerable Software and Affected Versions: Jenkins Puppet Enterprise Pipeline versions 1.3.1 and earlier Description: The issue allows attackers to execute arbitrary code if they can execute Script Security protected scripts, due to unsafe values specified in the custom Script Securit...

PT-2019-11811 · Jenkins · Jenkins Kubernetes :: Pipeline :: Kubernetes Steps Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Kubernetes :: Pipeline :: Kubernetes Steps Plugin affected versions not specified Description: The issue concerns a custom whitelist for script security in the Jenkins Kubernetes :: Pipeline :: Kubernetes Steps Plugin, which allowed...

CVE-2019-10380

Jenkins Simple Travis Pipeline Runner Plugin 1.0 and earlier specifies unsafe values in its custom Script Security whitelist, allowing attackers able to execute Script Security protected scripts to execute arbitrary code...