670 matches found
Cross site request forgery (csrf)
A cross-site request forgery CSRF vulnerability in Jenkins Script Security Plugin 1158.v7c1b73a69a08 and earlier allows attackers to have Jenkins send an HTTP request to an attacker-specified webserver...
CVE-2022-30946
CVE-2022-30946 is a CSRF vulnerability in Jenkins Script Security Plugin (affecting versions up to 1158.v7c1b_73a_69a_08 and earlier). An authenticated attacker can induce Jenkins to send an HTTP request to a attacker‑specified webserver, enabling malicious activity such as cross‑site scripting a...
CVE-2022-30946
A cross-site request forgery CSRF vulnerability in Jenkins Script Security Plugin 1158.v7c1b73a69a08 and earlier allows attackers to have Jenkins send an HTTP request to an attacker-specified webserver...
CVE-2022-30946
A cross-site request forgery CSRF vulnerability in Jenkins Script Security Plugin 1158.v7c1b73a69a08 and earlier allows attackers to have Jenkins send an HTTP request to an attacker-specified webserver...
GHSA-XGJX-96V4-MQXX Jenkins Script Security Plugin allows for Bypass of Groovy Sandbox Protection
The Script Security plugin before 1.18.1 in Jenkins might allow remote attackers to bypass a Groovy sandbox protection mechanism via a plugin that performs 1 direct field access or 2 get/set array operations...
PT-2022-20400 · Jenkins · Jenkins Script Security Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Script Security Plugin versions 1158.v7c1b 73a 69a 08 and earlier Description: A cross-site request forgery CSRF issue allows attackers to have Jenkins send an HTTP request to an attacker-specified webserver. This occurs because the...
Jenkins Script Security Plugin Remote Code Execution (CVE-2019-1003029)
A remote code execution vulnerability exists in Jenkins Script Security Plugin. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
GHSA-R9JF-HF9X-7HRV Exposure of Sensitive Information to an Unauthorized Actor Jenkins Script Security Plugin
In Jenkins Script Security Plugin version 1.36 and earlier, users with the ability to configure sandboxed Groovy scripts are able to use a type coercion feature in Groovy to create new File objects from strings. This allowed reading arbitrary files on the Jenkins master file system. Such a type...
Exposure of sensitive information vulnerability
An exposure of sensitive information vulnerability exists in Jenkins Tinfoil Security Plugin 1.6.1 and earlier in TinfoilScanRecorder.java that allows attackers with file system access to the Jenkins master to obtain the API secret key stored in this plugin's configuration...
GHSA-68QX-WHXM-H4C4 Exposure of sensitive information vulnerability
An exposure of sensitive information vulnerability exists in Jenkins Tinfoil Security Plugin 1.6.1 and earlier in TinfoilScanRecorder.java that allows attackers with file system access to the Jenkins master to obtain the API secret key stored in this plugin's configuration...
Improper Privilege Management in Jenkins
A sandbox bypass vulnerability exists in Script Security Plugin 1.47 and earlier in groovy-sandbox/src/main/java/org/kohsuke/groovy/sandbox/SandboxTransformer.java that allows attackers with Job/Configure permission to execute arbitrary code on the Jenkins master JVM, if plugins using the Groovy...
GHSA-P4P5-3V2J-W5RV Improper Privilege Management in Jenkins
A sandbox bypass vulnerability exists in Script Security Plugin 1.47 and earlier in groovy-sandbox/src/main/java/org/kohsuke/groovy/sandbox/SandboxTransformer.java that allows attackers with Job/Configure permission to execute arbitrary code on the Jenkins master JVM, if plugins using the Groovy...
GHSA-H7RX-R733-7X7R Sandbox bypass in Jenkins Script Security Plugin sandbox bypass
Script Security Plugin did not apply sandboxing restrictions to constructor invocations via positional arguments list, super constructor invocations, method references, and type coercion expressions. This could be used to invoke arbitrary constructors and methods, bypassing sandbox protection...
GHSA-3PV3-JJ4H-P528 Sandbox bypass vulnerability in Jenkins Script Security Plugin
A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.55 and earlier allows attackers to invoke arbitrary constructors in sandboxed scripts...
GHSA-X5JM-RJ37-5QH7 Sandbox Bypass in Script Security Plugin
A sandbox bypass vulnerability exists in Jenkins Script Security Plugin 1.50 and earlier in src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/SecureGroovyScript.java that allows attackers with Overall/Read permission to provide a Groovy script to an HTTP endpoint that can result i...
GHSA-3QRQ-R688-VVH4 Multiple valid tokens for password reset in Shopware
Impact Multiple tokens for password reset could be requested. All tokens could be used to change the password. This makes it possible for an attacker to take over the victims account if s/he gains access to the victims email account and finds unused password reset token in the emails within the...
Malfunction of CSRF token validation in Shopware
Impact The CSRF tokens were not renewed after login and logout. An attacker could impersonate the victim if the attacker is able to use the same device as the victim used beforehand. Patches We recommend updating to the current version 5.7.9. You can get the update to 5.7.9 regularly via the...
GHSA-PF38-V6QJ-J23H Malfunction of CSRF token validation in Shopware
Impact The CSRF tokens were not renewed after login and logout. An attacker could impersonate the victim if the attacker is able to use the same device as the victim used beforehand. Patches We recommend updating to the current version 5.7.9. You can get the update to 5.7.9 regularly via the...
Cross site request forgery (csrf)
Shopware is an open source e-commerce software platform. Versions prior to 5.7.9 are vulnerable to malfunction of cross-site request forgery CSRF token validation. Under certain circumstances, the CSRF tokens were not generated anew and not validated correctly. This issue is fixed in version 5.7....
CVE-2022-24879 Malfunction of Cross-Site Request Forgery token validation
Shopware is an open source e-commerce software platform. Versions prior to 5.7.9 are vulnerable to malfunction of cross-site request forgery CSRF token validation. Under certain circumstances, the CSRF tokens were not generated anew and not validated correctly. This issue is fixed in version 5.7....