CVE-2024-34144

A sandbox bypass vulnerability was found in the Jenkins Script Security Plugin involving crafted constructor bodies, enabling the circumvention of security restrictions. With crafted constructor bodies, this flaw allows authenticated attackers to define and execute sandboxed scripts, including...

Jenkins Script Security Plugin has sandbox bypass vulnerability involving crafted constructor bodies

Jenkins Script Security Plugin provides a sandbox feature that allows low privileged users to define scripts, including Pipelines, that are generally safe to execute. Calls to code defined inside a sandboxed script are intercepted, and various allowlists are checked to determine whether the call ...

Jenkins Script Security Plugin sandbox bypass vulnerability

Jenkins Script Security Plugin provides a sandbox feature that allows low privileged users to define scripts, including Pipelines, that are generally safe to execute. Calls to code defined inside a sandboxed script are intercepted, and various allowlists are checked to determine whether the call ...

GHSA-2G4Q-9VM9-9FW4 Jenkins Script Security Plugin sandbox bypass vulnerability

Jenkins Script Security Plugin provides a sandbox feature that allows low privileged users to define scripts, including Pipelines, that are generally safe to execute. Calls to code defined inside a sandboxed script are intercepted, and various allowlists are checked to determine whether the call ...

CVE-2024-34144

A sandbox bypass vulnerability involving crafted constructor bodies in Jenkins Script Security Plugin 1335.vf07d9ce377ae and earlier allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary code in the contex...

CVE-2024-34145

A sandbox bypass vulnerability involving sandbox-defined classes that shadow specific non-sandbox-defined classes in Jenkins Script Security Plugin 1335.vf07d9ce377ae and earlier allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandbox...

CVE-2024-34144

CVE-2024-34144 affects Jenkins Script Security Plugin (1335.vf07d9ce377a_e and earlier). The vulnerability arises from crafted constructor bodies in the script sandbox, enabling sandbox bypass and execution of arbitrary code in the Jenkins controller JVM for users with scripting permissions. Conn...

CVE-2024-34145

A sandbox bypass vulnerability involving sandbox-defined classes that shadow specific non-sandbox-defined classes in Jenkins Script Security Plugin 1335.vf07d9ce377ae and earlier allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandbox...

Jenkins plugins Multiple Vulnerabilities (2024-05-02)

According to their self-reported version numbers, the version of Jenkins plugins running on the remote web server are affected by multiple vulnerabilities: - High Script Security Plugin provides a sandbox feature that allows low privileged users to define scripts, including Pipelines, that are...

PT-2024-25716 · Jenkins · Jenkins Script Security Plugin

Name of the Vulnerable Software and Affected Versions: Jenkins Script Security Plugin versions 1335.vf07d9ce377a e and earlier Description: A sandbox bypass issue involves sandbox-defined classes that shadow specific non-sandbox-defined classes, allowing attackers with permission to define and ru...

CVE-2024-31447

Shopware 6 is an open commerce platform based on Symfony Framework and Vue. Starting in version 6.3.5.0 and prior to versions 6.6.1.0 and 6.5.8.8, when a authenticated request is made to POST /store-api/account/logout, the cart will be cleared, but the User won't be logged out. This affects only...

GHSA-5297-WRRP-RCJ7 Shopware Improper Session Handling in store-api account logout

Impact When a authentificated request is made to POST /store-api/account/logout, the cart will be cleared, but the User won't be logged out. This affects only the direct store-api usage, as the PHP Storefront listens additionally on CustomerLogoutEvent and invalidates the session additionally...

Shopware Improper Session Handling in store-api account logout

Impact When a authentificated request is made to POST /store-api/account/logout, the cart will be cleared, but the User won't be logged out. This affects only the direct store-api usage, as the PHP Storefront listens additionally on CustomerLogoutEvent and invalidates the session additionally...

CVE-2024-31447 Shopware has Improper Session Handling in store-api

Shopware 6 is an open commerce platform based on Symfony Framework and Vue. Starting in version 6.3.5.0 and prior to versions 6.6.1.0 and 6.5.8.8, when a authenticated request is made to POST /store-api/account/logout, the cart will be cleared, but the User won't be logged out. This affects only...

CVE-2024-31447 Shopware has Improper Session Handling in store-api

Shopware 6 is an open commerce platform based on Symfony Framework and Vue. Starting in version 6.3.5.0 and prior to versions 6.6.1.0 and 6.5.8.8, when a authenticated request is made to POST /store-api/account/logout, the cart will be cleared, but the User won't be logged out. This affects only...

CVE-2024-31447

Shopware 6 contains an improper session handling issue in the store-api logout path. For versions 6.3.5.0 up to but not including 6.6.1.0 and 6.5.8.8, an authenticated POST to /store-api/account/logout clears the cart but does not log the user out. The issue is limited to direct store-api usage; ...

CVE-2024-31447 Shopware has Improper Session Handling in store-api

Shopware 6 is an open commerce platform based on Symfony Framework and Vue. Starting in version 6.3.5.0 and prior to versions 6.6.1.0 and 6.5.8.8, when a authenticated request is made to POST /store-api/account/logout, the cart will be cleared, but the User won't be logged out. This affects only...

PT-2024-24081 · Shopware · Shopware 6

Name of the Vulnerable Software and Affected Versions: Shopware 6 versions 6.3.5.0 through 6.6.1.0 and prior to 6.5.8.8 can be simplified to: Shopware 6 versions 6.3.5.0 through 6.6.0 and versions 6.5.0 through 6.5.8.7 Description: Shopware 6 is an open commerce platform based on Symfony Framewor...

WordPress Plugin SecuPress Free — WordPress Security 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. WordPress Plugin SecuPress Free - A securit...

PT-2024-23397 · WordPress · All-In-One-Wp-Security-And-Firewall

Name of the Vulnerable Software and Affected Versions: All In One WP Security & Firewall versions through 5.2.6 Description: The issue is a Cross-Site Request Forgery CSRF vulnerability. This type of vulnerability allows an attacker to trick a user into performing unintended actions on a web...