615 matches found
CVE-2019-1003005
A sandbox bypass vulnerability exists in Jenkins Script Security Plugin 1.50 and earlier in src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/SecureGroovyScript.java that allows attackers with Overall/Read permission to provide a Groovy script to an HTTP endpoint that can result i...
CVE-2019-1003005
CVE-2019-1003005 describes a sandbox bypass in Jenkins Script Security Plugin (versions 1.50 and earlier) where an attacker with Overall/Read permission can supply a Groovy script to an HTTP endpoint, potentially leading to arbitrary code execution on the Jenkins master JVM. Public references (in...
CVE-2019-1003005
A sandbox bypass vulnerability exists in Jenkins Script Security Plugin 1.50 and earlier in src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/SecureGroovyScript.java that allows attackers with Overall/Read permission to provide a Groovy script to an HTTP endpoint that can result i...
PT-2019-2297 · Jenkins · Jenkins Script Security Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Script Security Plugin versions 1.50 and earlier Description: The issue is related to errors in handling Groovy scripts, which can be exploited by a remote attacker to bypass the sandbox and execute arbitrary code on the Jenkins maste...
CloudBees Script Security Plugin Remote Code Execution Vulnerability
CloudBees Jenkins formerly known as Hudson Labs is the United States CloudBees company's set of Java-based development of continuous integration tools , the tool is mainly used to monitor the order of repetitive work . Script Security is one of the plug-ins used to detect the script security . A...
Security feature bypass
A sandbox bypass vulnerability exists in Script Security Plugin 1.49 and earlier in src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/GroovySandbox.java that allows attackers with the ability to provide sandboxed scripts to execute arbitrary code on the Jenkins master JVM...
CVE-2019-1003000
A sandbox bypass vulnerability exists in Script Security Plugin 1.49 and earlier in src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/GroovySandbox.java that allows attackers with the ability to provide sandboxed scripts to execute arbitrary code on the Jenkins master JVM...
CVE-2019-1003000
A sandbox bypass vulnerability exists in Script Security Plugin 1.49 and earlier in src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/GroovySandbox.java that allows attackers with the ability to provide sandboxed scripts to execute arbitrary code on the Jenkins master JVM...
CVE-2019-1003000
A sandbox bypass vulnerability exists in Script Security Plugin 1.49 and earlier in src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/GroovySandbox.java that allows attackers with the ability to provide sandboxed scripts to execute arbitrary code on the Jenkins master JVM...
CVE-2019-1003000
CVE-2019-1003000 is a sandbox bypass/remote code execution flaw in Jenkins via the Script Security Plugin (and depending on Groovy/Declarative plugins). Affected components include Script Security Plugin versions up to 1.49 and earlier, with vulnerable code in GroovySandbox.java that lets attacke...
PT-2019-11301 · Jenkins · Script Security Plugin +1
Name of the Vulnerable Software and Affected Versions: Script Security Plugin versions 1.49 and earlier Description: A sandbox bypass issue exists that allows attackers with the ability to provide sandboxed scripts to execute arbitrary code on the Jenkins master JVM. This is due to a vulnerabilit...
PT-2019-11303 · Jenkins · Pipeline: Declarative Plugin +1
Name of the Vulnerable Software and Affected Versions: Pipeline: Declarative Plugin versions 1.3.3 and earlier Description: A sandbox bypass issue exists that allows attackers with Overall/Read permission to execute arbitrary code on the Jenkins master JVM by providing a pipeline script to an HTT...
PT-2019-11302 · Jenkins · Groovy Plugin +2
Name of the Vulnerable Software and Affected Versions: Pipeline: Groovy Plugin versions 2.61 and earlier Description: A sandbox bypass issue exists that allows attackers with Overall/Read permission to execute arbitrary code on the Jenkins master JVM by providing a pipeline script to an HTTP...
CVE-2018-1000865
A sandbox bypass vulnerability exists in Script Security Plugin 1.47 and earlier in groovy-sandbox/src/main/java/org/kohsuke/groovy/sandbox/SandboxTransformer.java that allows attackers with Job/Configure permission to execute arbitrary code on the Jenkins master JVM, if plugins using the Groovy...
CVE-2018-1000865
A sandbox bypass vulnerability exists in Script Security Plugin 1.47 and earlier in groovy-sandbox/src/main/java/org/kohsuke/groovy/sandbox/SandboxTransformer.java that allows attackers with Job/Configure permission to execute arbitrary code on the Jenkins master JVM, if plugins using the Groovy...
CVE-2018-1000865
A sandbox bypass vulnerability exists in Script Security Plugin 1.47 and earlier in groovy-sandbox/src/main/java/org/kohsuke/groovy/sandbox/SandboxTransformer.java that allows attackers with Job/Configure permission to execute arbitrary code on the Jenkins master JVM, if plugins using the Groovy...
CVE-2018-1000865
CVE-2018-1000865 describes a sandbox bypass in Jenkins: Script Security Plugin 1.47 and earlier, via groovy-sandbox/SandboxTransformer.java, allows attackers with Job/Configure permission to run arbitrary code on the Jenkins master JVM if Groovy sandboxed plugins are installed. Connected referenc...
CVE-2017-2650
It was found that the use of Pipeline: Classpath Step Jenkins plugin enables a bypass of the Script Security sandbox for users with SCM commit access, as well as users with e.g. Job/Configure permission in Jenkins...
CVE-2017-2650
It was found that the use of Pipeline: Classpath Step Jenkins plugin enables a bypass of the Script Security sandbox for users with SCM commit access, as well as users with e.g. Job/Configure permission in Jenkins...
Design/Logic Flaw
It was found that the use of Pipeline: Classpath Step Jenkins plugin enables a bypass of the Script Security sandbox for users with SCM commit access, as well as users with e.g. Job/Configure permission in Jenkins...