670 matches found
GHSA-7VR5-72W7-Q6JC Sandbox bypass vulnerabilities in Jenkins Script Security Plugin and in Pipeline: Groovy Plugin
Script Security Plugin provides a sandbox feature that allows low privileged users to define scripts, including Pipelines, that are generally safe to execute. Calls to code defined inside a sandboxed script are intercepted, and various allowlists are checked to determine whether the call is to be...
GHSA-27RF-8MJP-R363 Sandbox bypass vulnerabilities in Jenkins Script Security Plugin and in Pipeline: Groovy Plugin
Script Security Plugin provides a sandbox feature that allows low privileged users to define scripts, including Pipelines, that are generally safe to execute. Calls to code defined inside a sandboxed script are intercepted, and various allowlists are checked to determine whether the call is to be...
GHSA-F6MQ-6FX5-W2CH Jenkins Script Security Plugin sandbox bypass vulnerability
A sandbox bypass vulnerability involving casting an array-like value to an array type in Jenkins Script Security Plugin 1183.v774b0b0aa451 and earlier allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary...
GHSA-HVCR-927W-QCVQ Stored XSS vulnerability in Jenkins Contrast Continuous Application Security Plugin
Contrast Continuous Application Security Plugin 3.9 and earlier does not escape data returned from the Contrast service when generating a report. This results in a stored cross-site scripting XSS vulnerability exploitable by attackers able to control or modify Contrast service API responses...
CVE-2022-43403
A sandbox bypass vulnerability involving casting an array-like value to an array type in Jenkins Script Security Plugin 1183.v774b0b0aa451 and earlier allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary...
CVE-2022-43403
A sandbox bypass vulnerability involving casting an array-like value to an array type in Jenkins Script Security Plugin 1183.v774b0b0aa451 and earlier allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary...
CVE-2022-43403
A sandbox bypass vulnerability involving casting an array-like value to an array type in Jenkins Script Security Plugin 1183.v774b0b0aa451 and earlier allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary...
CVE-2022-43401
A sandbox bypass vulnerability involving various casts performed implicitly by the Groovy language runtime in Jenkins Script Security Plugin 1183.v774b0b0aa451 and earlier allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection a...
Security feature bypass
A sandbox bypass vulnerability involving various casts performed implicitly by the Groovy language runtime in Jenkins Script Security Plugin 1183.v774b0b0aa451 and earlier allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection a...
Security feature bypass
A sandbox bypass vulnerability involving casting an array-like value to an array type in Jenkins Script Security Plugin 1183.v774b0b0aa451 and earlier allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary...
CVE-2022-43401
CVE-2022-43401 is a critical sandbox bypass in Jenkins Script Security Plugin (versions up to 1183.v774b_0b_0a_a_451 and earlier). The vulnerability stems from a sandbox bypass caused by various implicit casts performed by the Groovy language runtime, allowing attackers with permission to define ...
CVE-2022-43404
A sandbox bypass vulnerability involving crafted constructor bodies and calls to sandbox-generated synthetic constructors in Jenkins Script Security Plugin 1183.v774b0b0aa451 and earlier allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandb...
CVE-2022-43404
CVE-2022-43404: A sandbox bypass in Jenkins Script Security Plugin (versions up to 1183.v774b_0b_0a_a_451 and earlier) allows authenticated/authorized users to bypass the sandbox and execute arbitrary code in the Jenkins controller JVM via crafted constructor bodies and calls to sandbox-generated...
PT-2022-26887 · Jenkins · Jenkins Script Security Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Script Security Plugin versions 1183.v774b 0b 0a a 451 and earlier Description: A sandbox bypass issue involves casting an array-like value to an array type, allowing attackers with permission to define and run sandboxed scripts,...
CVE-2022-43403
CVE-2022-43403 is a sandbox bypass in Jenkins Script Security Plugin prior to 1183.v774b_0b_0a_a_451, where casting an array-like value to an array type enables sandboxed pipelines to execute arbitrary code in the Jenkins controller JVM. Affected component: Jenkins Script Security Plugin (version...
CVE-2022-43403
A sandbox bypass vulnerability involving casting an array-like value to an array type in Jenkins Script Security Plugin 1183.v774b0b0aa451 and earlier allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary...
WordPress Titan Anti-spam & Security Plugin < 7.3.1 Block Bypass Vulnerability
The WordPress plugin Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it...
CVE-2022-29489
Cross-Site Request Forgery CSRF vulnerability in Sucuri Security plugin = 1.8.33 at WordPress leading to Event log entry creation...
GHSA-6VFQ-JMXG-G58R Shopware contains sensitive data in backend customer module
Impact The request for the customer detail view in the backend administration contained sensitive data like the hashed password and the session ID. Patches We recommend updating to the current version 5.7.15. You can get the update to 5.7.15 regularly via the Auto-Updater or directly via the...
Shopware contains sensitive data in backend customer module
Impact The request for the customer detail view in the backend administration contained sensitive data like the hashed password and the session ID. Patches We recommend updating to the current version 5.7.15. You can get the update to 5.7.15 regularly via the Auto-Updater or directly via the...