609 matches found
CVE-2022-43403
A sandbox bypass vulnerability involving casting an array-like value to an array type in Jenkins Script Security Plugin 1183.v774b0b0aa451 and earlier allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary...
CVE-2022-43404
A sandbox bypass vulnerability involving crafted constructor bodies and calls to sandbox-generated synthetic constructors in Jenkins Script Security Plugin 1183.v774b0b0aa451 and earlier allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandb...
CVE-2022-43403
A sandbox bypass vulnerability involving casting an array-like value to an array type in Jenkins Script Security Plugin 1183.v774b0b0aa451 and earlier allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary...
CVE-2022-43401
A sandbox bypass vulnerability involving various casts performed implicitly by the Groovy language runtime in Jenkins Script Security Plugin 1183.v774b0b0aa451 and earlier allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection a...
CVE-2022-43401
A sandbox bypass vulnerability involving various casts performed implicitly by the Groovy language runtime in Jenkins Script Security Plugin 1183.v774b0b0aa451 and earlier allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection a...
CVE-2022-43401
A sandbox bypass vulnerability involving various casts performed implicitly by the Groovy language runtime in Jenkins Script Security Plugin 1183.v774b0b0aa451 and earlier allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection a...
Security feature bypass
A sandbox bypass vulnerability involving various casts performed implicitly by the Groovy language runtime in Jenkins Script Security Plugin 1183.v774b0b0aa451 and earlier allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection a...
Security feature bypass
A sandbox bypass vulnerability involving crafted constructor bodies and calls to sandbox-generated synthetic constructors in Jenkins Script Security Plugin 1183.v774b0b0aa451 and earlier allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandb...
Security feature bypass
A sandbox bypass vulnerability involving casting an array-like value to an array type in Jenkins Script Security Plugin 1183.v774b0b0aa451 and earlier allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary...
PT-2022-26888 · Jenkins · Jenkins Script Security Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Script Security Plugin versions 1183.v774b 0b 0a a 451 and earlier Description: A sandbox bypass issue exists, involving crafted constructor bodies and calls to sandbox-generated synthetic constructors, which allows attackers with...
CVE-2022-43401
CVE-2022-43401 is a critical sandbox bypass in Jenkins Script Security Plugin (versions up to 1183.v774b_0b_0a_a_451 and earlier). The vulnerability stems from a sandbox bypass caused by various implicit casts performed by the Groovy language runtime, allowing attackers with permission to define ...
Jenkins Plugin Script Security 安全漏洞
Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...
PT-2022-26887 · Jenkins · Jenkins Script Security Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Script Security Plugin versions 1183.v774b 0b 0a a 451 and earlier Description: A sandbox bypass issue involves casting an array-like value to an array type, allowing attackers with permission to define and run sandboxed scripts,...
CVE-2022-43404
A sandbox bypass vulnerability involving crafted constructor bodies and calls to sandbox-generated synthetic constructors in Jenkins Script Security Plugin 1183.v774b0b0aa451 and earlier allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandb...
CVE-2022-43404
CVE-2022-43404: A sandbox bypass in Jenkins Script Security Plugin (versions up to 1183.v774b_0b_0a_a_451 and earlier) allows authenticated/authorized users to bypass the sandbox and execute arbitrary code in the Jenkins controller JVM via crafted constructor bodies and calls to sandbox-generated...
CVE-2022-43403
CVE-2022-43403 is a sandbox bypass in Jenkins Script Security Plugin prior to 1183.v774b_0b_0a_a_451, where casting an array-like value to an array type enables sandboxed pipelines to execute arbitrary code in the Jenkins controller JVM. Affected component: Jenkins Script Security Plugin (version...
CVE-2022-43403
A sandbox bypass vulnerability involving casting an array-like value to an array type in Jenkins Script Security Plugin 1183.v774b0b0aa451 and earlier allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary...
Jenkins Plugin Script Security 安全漏洞
Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...
Apache XML Graphics Batik代码问题漏洞
Apache XML Graphics Batik is a Java-based application from the Apache Foundation that is primarily used to process images in SVG format.Apache XML Graphics Batik is vulnerable to server-side request forgery, which is caused by a flaw in the DefaultScriptSecurity function. An attacker could exploi...
CVE-2022-30946
A cross-site request forgery CSRF vulnerability in Jenkins Script Security Plugin 1158.v7c1b73a69a08 and earlier allows attackers to have Jenkins send an HTTP request to an attacker-specified webserver...