670 matches found
Design/Logic Flaw
Sandbox protection in Jenkins Script Security Plugin 1.70 and earlier could be circumvented through crafted method calls on objects that implement GroovyInterceptable...
CVE-2020-2135
Sandbox protection bypass in Jenkins Script Security Plugin (versions up to 1.70) can allow arbitrary code execution in sandboxed scripts. The root cause involves crafted constructor calls and bodies (SECURITY-582) and crafted method calls on objects implementing GroovyInterceptable. Mitigation: ...
CVE-2020-2134
CVE-2020-2134 relates to the Jenkins Script Security Plugin (versions up to 1.70) where sandbox protections could be bypassed by crafted constructor calls and bodies, enabling arbitrary code execution in the Jenkins controller JVM. The issue is documented in public advisories (GHSA/GHSA-GJ3Q-P8CM...
CVE-2020-2134
Sandbox protection in Jenkins Script Security Plugin 1.70 and earlier could be circumvented through crafted constructor calls and crafted constructor bodies...
PT-2020-15344 · Jenkins · Jenkins Script Security Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Script Security Plugin versions 1.70 and earlier Description: The sandbox protection in the Jenkins Script Security Plugin could be circumvented through crafted method calls on objects that implement GroovyInterceptable, or through...
CVE-2020-2110
Sandbox protection in Jenkins Script Security Plugin 1.69 and earlier could be circumvented during the script compilation phase by applying AST transforming annotations to imports or by using them inside of other annotations...
Design/Logic Flaw
Sandbox protection in Jenkins Script Security Plugin 1.69 and earlier could be circumvented during the script compilation phase by applying AST transforming annotations to imports or by using them inside of other annotations...
CVE-2020-2110
CVE-2020-2110 concerns the Jenkins Script Security Plugin (1.69 and earlier) where sandbox protection could be bypassed during script compilation by using AST transforming annotations on imports or inside other annotations. This vulnerability enables arbitrary code execution within sandboxed scri...
CVE-2020-2110
Sandbox protection in Jenkins Script Security Plugin 1.69 and earlier could be circumvented during the script compilation phase by applying AST transforming annotations to imports or by using them inside of other annotations...
CVE-2020-3925
A Remote Code Execution (RCE) vulnerability exists in some designated applications in ServiSign security plugin; as long as the interface is captured, attackers are able to launch RCE and execute arbitrary commands on target system via maliciously crafted scripts...
CVE-2020-3927
An arbitrary-file-access vulnerability exists in ServiSign security plugin; as long as the attackers learn the specific API function, they may access arbitrary files on target system via crafted API parameter...
Improper access control
An arbitrary-file-access vulnerability exists in ServiSign security plugin; as long as the attackers learn the specific API function, they may access arbitrary files on target system via crafted API parameter...
CVE-2020-3926
The CVE-2020-3926 entry concerns the ServiSign security plugin. Affected component: the security plugin’s API handling. Vulnerability: arbitrary-file-access through crafted API parameters when an attacker knows the specific API function. Impact: potential disclosure or write access to arbitrary f...
CVE-2020-3927
The CVE-2020-3927 entry concerns a vulnerability in the ServiSign security plugin that could allow an attacker to access arbitrary files on the target system by manipulating a crafted API parameter, provided the attacker knows the specific API function. This is supported by the NVD entry describi...
CVE-2020-3925
The CVE-2020-3925 entry concerns a Remote Code Execution vulnerability in some designated ServiSign security plugin applications. The connected CVEList document suggests a root-cause vector: RCE via LoadLibrary on Windows, implying a vulnerable component/function used by the ServiSign plugin. The...
CVE-2020-3925 ServiSign Windows Versions - Remote Code Execution via LoadLibrary
A Remote Code Execution (RCE) vulnerability exists in some designated applications in ServiSign security plugin; as long as the interface is captured, attackers are able to launch RCE and execute arbitrary commands on target system via maliciously crafted scripts...
jenkins-script-security-plugin: handling of property names in property expressions on the left-hand side of assignment expression leads to execute arbitrary code in sandboxed scripts
A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.62 and earlier related to the handling of property names in property expressions on the left-hand side of assignment expressions allowed attackers to execute arbitrary code in sandboxed scripts...
jenkins-script-security-plugin: handling of property names in property expressions in increment and decrement expressions allowed attackers to execute arbitrary code in sandboxed scripts
A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.62 and earlier related to the handling of property names in property expressions in increment and decrement expressions allowed attackers to execute arbitrary code in sandboxed scripts...
jenkins-script-security-plugin: handling of property names in property expressions on the left-hand side of assignment expression leads to execute arbitrary code in sandboxed scripts
A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.62 and earlier related to the handling of property names in property expressions on the left-hand side of assignment expressions allowed attackers to execute arbitrary code in sandboxed scripts...
jenkins-script-security-plugin: handling of method names in method call expressions allowed attackers to execute arbitrary code in sandboxed scripts
A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.62 and earlier related to the handling of method names in method call expressions allowed attackers to execute arbitrary code in sandboxed scripts...