615 matches found

OSV
added 2019/07/31 1:15 p.m. · 24 views

CVE-2019-10355

A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.61 and earlier related to the handling of type casts allowed attackers to execute arbitrary code in sandboxed scripts...

CVSS: 8.8 · AI score: 7.5
Exploits: 0 · References: 5

NVD
added 2019/07/31 1:15 p.m. · 18 views

CVE-2019-10356

A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.61 and earlier related to the handling of method pointer expressions allowed attackers to execute arbitrary code in sandboxed scripts...

CVSS: 8.8 · AI score: 8.9 · EPSS: 0.00041
Exploits: 0 · References: 5

Prion
added 2019/07/31 1:15 p.m. · 22 views

Security feature bypass

A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.61 and earlier related to the handling of type casts allowed attackers to execute arbitrary code in sandboxed scripts...

CVSS: 6.5 · AI score: 8.9 · EPSS: 0.00041
Exploits: 0 · References: 5 · Affected Software: 2

Prion
added 2019/07/31 1:15 p.m. · 25 views

Security feature bypass

A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.61 and earlier related to the handling of method pointer expressions allowed attackers to execute arbitrary code in sandboxed scripts...

CVSS: 6.5 · AI score: 8.9 · EPSS: 0.00041
Exploits: 0 · References: 5 · Affected Software: 2

Cvelist
added 2019/07/31 12:45 p.m. · 13 views

CVE-2019-10356

A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.61 and earlier related to the handling of method pointer expressions allowed attackers to execute arbitrary code in sandboxed scripts...

AI score: 8.9 · EPSS: 0.00041
Exploits: 0 · References: 5

CVE
added 2019/07/31 12:45 p.m. · 89 views

CVE-2019-10355

CVE-2019-10355 is a sandbox bypass in the Jenkins Script Security Plugin (versions 1.61 and earlier) that lets attackers escape the sandbox by exploiting how type casts are handled, enabling arbitrary code execution in sandboxed Groovy scripts. The vulnerability affected the plugin used wit...

CVSS: 8.8 · AI score: 8.8 · EPSS: 0.00041
Exploits: 0 · References: 5 · Affected Software: 1

Cvelist
added 2019/07/31 12:45 p.m. · 19 views

CVE-2019-10355

A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.61 and earlier related to the handling of type casts allowed attackers to execute arbitrary code in sandboxed scripts...

AI score: 8.9 · EPSS: 0.00041
Exploits: 0 · References: 5

CVE
added 2019/07/31 12:45 p.m. · 83 views

CVE-2019-10356

CVE-2019-10356 is a sandbox bypass in Jenkins Script Security Plugin 1.61 and earlier, related to handling of method pointer expressions that could allow an attacker to execute arbitrary code in sandboxed scripts. The vulnerability is referenced across multiple advisories (Red Hat RHSA for OpenSh...

CVSS: 8.8 · AI score: 8.8 · EPSS: 0.00041
Exploits: 0 · References: 5 · Affected Software: 1

Positive Technologies
added 2019/07/31 12:0 a.m. · 3 views

PT-2019-2881 · Jenkins · Jenkins Script Security Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Script Security Plugin versions 1.61 and earlier Description: A sandbox bypass issue related to the handling of method pointer expressions allows attackers to execute arbitrary code in sandboxed scripts. The vulnerability is related t...

CVSS: 9 · AI score: 8.8 · EPSS: 0.00041
Exploits: 0 · References: 11

Positive Technologies
added 2019/07/31 12:0 a.m. · 2 views

PT-2019-2880 · Jenkins · Jenkins Script Security Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Script Security Plugin versions 1.61 and earlier Description: The issue is related to a sandbox bypass vulnerability in the handling of type casts, allowing attackers to execute arbitrary code in sandboxed scripts. This could...

CVSS: 9 · AI score: 8.8 · EPSS: 0.00041
Exploits: 0 · References: 15

OSV
added 2019/07/11 8:15 p.m. · 1 views

CVE-2019-12578

A vulnerability in the London Trust Media Private Internet Access PIA VPN Client v82 for Linux could allow an authenticated, local attacker to run arbitrary code with elevated privileges. The openvpnlauncher.64 binary is setuid root. This binary executes /opt/pia/openvpn-64/openvpn, passing the...

CVSS: 7.8 · AI score: 7.2 · EPSS: 0.00085
Exploits: 1 · References: 1

BDU FSTEC
added 2019/07/11 12:0 a.m. · 1 views

The vulnerability of the Jenkins Script Security plugin, related to incorrect type conversion, allows attackers to invoke arbitrary constructs.

The vulnerability of the Jenkins Script Security plugin is related to incorrect type conversion. Exploiting this vulnerability allows a malicious actor to trigger arbitrary constructs remotely...

CVSS: 10 · AI score: 5.6 · EPSS: 0.01799
Exploits: 0 · References: 5 · Affected Software: 2

Tenable Nessus
added 2019/07/05 12:0 a.m. · 35 views

RHEL 7 : OpenShift Container Platform 4.1 jenkins-2-plugins (RHSA-2019:1636)

The remote Red Hat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2019:1636 advisory. This advisory contains the jenkins-2-plugins RPM packages for Red Hat OpenShift Container Platform 4.1.4. See the following advisory for the...

CVSS: 9.9 · AI score: 6.7 · EPSS: 0.00266
Exploits: 0 · References: 8

Veracode
added 2019/06/17 12:21 a.m. · 23 views

Arbitrary Code Execution

jenkins-plugin-workflow-cps is vulnerable to arbitrary code execution. A sandbox bypass in Script Security Plugin and Pipeline: Groovy Plugin allows an attacker to invoke arbitrary constructors in sandboxed scripts...

CVSS: 9.8 · AI score: 9.5 · EPSS: 0.01799
Exploits: 0 · References: 8 · Affected Software: 1

Veracode
added 2019/06/17 12:21 a.m. · 18 views

Arbitrary Code Execution

jenkins-plugin-script-security is vulnerable to arbitrary code execution. A sandbox bypass in Script Security Plugin and Pipeline: Groovy Plugin allows an attacker to invoke arbitrary constructors in sandboxed scripts...

CVSS: 9.8 · AI score: 9.5 · EPSS: 0.01799
Exploits: 0 · References: 8 · Affected Software: 1

BDU FSTEC
added 2019/06/14 12:0 a.m. · 1 views

The vulnerability of the SecureGroovyScript.java component of the Jenkins Script Security plugin allows a perpetrator to execute arbitrary code.

The vulnerability of the SecureGroovyScript.java component src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/SecureGroovyScript.java of the Jenkins Script Security plugin is related to errors in processing Groovy scripts. Exploiting this vulnerability can allow a malicious actor t...

CVSS: 8.8 · AI score: 7.9 · EPSS: 0.74186
Exploits: 3 · References: 5 · Affected Software: 1

BDU FSTEC
added 2019/06/14 12:0 a.m. · 0 views

The vulnerabilities of the components GroovySandbox.java and SecureGroovyScript.java of the Jenkins Script Security plugin allow a perpetrator to execute arbitrary code.

The vulnerabilities of the GroovySandbox.java component src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/GroovySandbox.java and SecureGroovyScript.java component src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/SecureGroovyScript.java of the Jenkins Script Securi...

CVSS: 9.9 · AI score: 8.4 · EPSS: 0.92647
Exploits: 3 · References: 6 · Affected Software: 1

RedHat Linux
added 2019/06/10 4:58 p.m. · 3 views

jenkins-plugin-script-security: Sandbox bypass in Script Security Plugin and Pipeline: Groovy Plugin (SECURITY-1353)

A flaw was found in the Jenkins Script Security plugin. Groovy Plugins could be circumvented through methods supporting type casts and type coercion allowing attackers to invoke constructors for arbitrary types. The highest threat from this vulnerability is to data confidentiality and integrity a...

CVSS: 9.8 · AI score: 5.8 · EPSS: 0.01799
Exploits: 0 · References: 5

Prion
added 2019/05/31 3:29 p.m. · 22 views

Code injection

Jenkins Pipeline Remote Loader Plugin 1.4 and earlier provided a custom whitelist for script security that allowed attackers to invoke arbitrary methods, bypassing typical sandbox protection...

CVSS: 6.5 · AI score: 9.5 · EPSS: 0.00266
Exploits: 0 · References: 5 · Affected Software: 1

OSV
added 2019/05/31 3:29 p.m. · 17 views

CVE-2019-10328

Jenkins Pipeline Remote Loader Plugin 1.4 and earlier provided a custom whitelist for script security that allowed attackers to invoke arbitrary methods, bypassing typical sandbox protection...

CVSS: 9.9 · AI score: 6.9
Exploits: 0 · References: 5