com.sonyericsson.hudson.plugins.rebuild:rebuild (>=320.v5a_0933a_e7d61 <=332.va_1ee476d8f6d), de.peass:peass-ci (=2.3.9-1285.va_202a_66e21fa_) +32 more potentially affected by CVE-2023-24422 via org.jenkins-ci.plugins:script-security (>=1138.v8e727069a_025 <=1228.vd93135a_2fb_25)

org.jenkins-ci.plugins:script-security MAVEN version =1138.v8e727069a025, =320.v5a0933ae7d61, =3.0, =1714.v09593e830cfa, =11.2.0, =5.2.2-3, =4.2.0, =2.9, =1.13.3-4, =264.veae31791b3c9, =5.4.0-4, =6.3.0-3, =1.17.vd2468d9c5e85, =1.18.v880576ea9508 - io.jenkins.plugins:nested-data-reporting =5.2.1 -...

Sandbox bypass in Jenkins Script Security Plugin

A sandbox bypass vulnerability involving map constructors in Jenkins Script Security Plugin 1228.vd93135a2fb25 and earlier allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary code in the context of the...

GHSA-76QJ-9GWH-PVV3 Sandbox bypass in Jenkins Script Security Plugin

A sandbox bypass vulnerability involving map constructors in Jenkins Script Security Plugin 1228.vd93135a2fb25 and earlier allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary code in the context of the...

CVE-2023-24422

A sandbox bypass vulnerability involving map constructors in Jenkins Script Security Plugin 1228.vd93135a2fb25 and earlier allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary code in the context of the...

CVE-2023-24422

A sandbox bypass vulnerability involving map constructors in Jenkins Script Security Plugin 1228.vd93135a2fb25 and earlier allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary code in the context of the...

Security feature bypass

A sandbox bypass vulnerability involving map constructors in Jenkins Script Security Plugin 1228.vd93135a2fb25 and earlier allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary code in the context of the...

CVE-2023-24422

A flaw was found in the script-security Jenkins Plugin. In affected versions of the script-security plugin, property assignments performed implicitly by the Groovy language runtime when invoking map constructors were not intercepted by the sandbox. This vulnerability allows attackers with...

CVE-2023-24422

A sandbox bypass vulnerability involving map constructors in Jenkins Script Security Plugin 1228.vd93135a2fb25 and earlier allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary code in the context of the...

CVE-2023-24422

CVE-2023-24422 affects Jenkins Script Security Plugin (versions up to 1228.vd93135a_2fb_25 and earlier). The vulnerability is a sandbox bypass in map constructors that lets attackers with permission to define and run sandboxed scripts (including Pipelines) execute arbitrary code in the Jenkins co...

Jenkins Plugin Script Security 操作系统命令注入漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...

CVE-2023-24422

A sandbox bypass vulnerability involving map constructors in Jenkins Script Security Plugin 1228.vd93135a2fb25 and earlier allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary code in the context of the...

CVE-2023-24422

A sandbox bypass vulnerability involving map constructors in Jenkins Script Security Plugin 1228.vd93135a2fb25 and earlier allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary code in the context of the...

plugin: CSRF vulnerability in Script Security Plugin

A cross-site request forgery CSRF vulnerability in Jenkins Script Security Plugin 1158.v7c1b73a69a08 and earlier allows attackers to have Jenkins send an HTTP request to an attacker-specified webserver...

Whole-script approval in Jenkins Script Security Plugin vulnerable to SHA-1 collisions

Script Security Plugin 1189.vbab7c8fd5fde and earlier stores whole-script approvals as the SHA-1 hash of the approved script. SHA-1 no longer meets the security standards for producing a cryptographically secure message digest. Script Security Plugin 1190.v65867aa47126 uses SHA-512 for new...

com.sonyericsson.hudson.plugins.rebuild:rebuild (>=320.v5a_0933a_e7d61 <=332.va_1ee476d8f6d), de.peass:peass-ci (=2.3.9-1285.va_202a_66e21fa_) +29 more potentially affected by CVE-2022-45379 via org.jenkins-ci.plugins:script-security (>=1138.v8e727069a_025 <=1189.vb_a_b_7c8fd5fde)

org.jenkins-ci.plugins:script-security MAVEN version =1138.v8e727069a025, =320.v5a0933ae7d61, =3.0, =1714.v09593e830cfa, =11.2.0, =5.2.2-3, =2.9, =1.13.3-4, =264.veae31791b3c9, =5.4.0-4, =6.3.0-3, =1.17.vd2468d9c5e85, =3.2.1, =1.29.0-5, =1714.v09593e830cfa, =1805.v1455f39c04cf and more Source cve...

GHSA-FV42-MX39-6FPW Whole-script approval in Jenkins Script Security Plugin vulnerable to SHA-1 collisions

Script Security Plugin 1189.vbab7c8fd5fde and earlier stores whole-script approvals as the SHA-1 hash of the approved script. SHA-1 no longer meets the security standards for producing a cryptographically secure message digest. Script Security Plugin 1190.v65867aa47126 uses SHA-512 for new...

Jenkins Enterprise and Operations Center 2.346.x < 2.346.40.0.6 / 2.361.3.4 Multiple Vulnerabilities (CloudBees Security Advisory 2022-11-15)

The version of Jenkins Enterprise or Jenkins Operations Center running on the remote web server is 2.346.x prior to 2.346.40.0.6 or 2.x prior to 2.361.3.4. It is, therefore, affected by multiple vulnerabilities including the following: - CVE-2022-38751 on snakeyaml fixed train 2.346.x.0.z BEE-237...

CVE-2022-45379

Jenkins Script Security Plugin 1189.vbab7c8fd5fde and earlier stores whole-script approvals as the SHA-1 hash of the script, making it vulnerable to collision attacks...

CVE-2022-45379

Jenkins Script Security Plugin 1189.vbab7c8fd5fde and earlier stores whole-script approvals as the SHA-1 hash of the script, making it vulnerable to collision attacks...

Design/Logic Flaw

Jenkins Script Security Plugin 1189.vbab7c8fd5fde and earlier stores whole-script approvals as the SHA-1 hash of the script, making it vulnerable to collision attacks...