670 matches found
CVE-2019-10356
A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.61 and earlier related to the handling of method pointer expressions allowed attackers to execute arbitrary code in sandboxed scripts...
Security feature bypass
A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.61 and earlier related to the handling of method pointer expressions allowed attackers to execute arbitrary code in sandboxed scripts...
CVE-2019-10356
CVE-2019-10356 is a sandbox bypass in Jenkins Script Security Plugin 1.61 and earlier, related to handling of method pointer expressions that could allow an attacker to execute arbitrary code in sandboxed scripts. The vulnerability is referenced across multiple advisories (Red Hat RHSA for OpenSh...
CVE-2019-10355
CVE-2019-10355 is a sandbox bypass in the Jenkins Script Security Plugin (versions up to 1.61 and earlier) that lets attackers escape the sandbox by exploiting how type casts are handled, enabling arbitrary code execution in sandboxed Groovy scripts. The vulnerability affected the plugin used wit...
CVE-2019-10355
A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.61 and earlier related to the handling of type casts allowed attackers to execute arbitrary code in sandboxed scripts...
CVE-2019-10364
Jenkins Amazon EC2 Plugin 1.43 and earlier wrote the beginning of private keys to the Jenkins system log...
Arbitrary Code Execution
jenkins-plugin-script-security is vulnerable to arbitrary code execution. A sandbox bypass in Script Security Plugin and Pipeline: Groovy Plugin allows an attacker to invoke arbitrary constructors in sandboxed scripts...
Arbitrary Code Execution
jenkins-plugin-workflow-cps is vulnerable to arbitrary code execution. A sandbox bypass in Script Security Plugin and Pipeline: Groovy Plugin allows an attacker to invoke arbitrary contructors in sandboxed scripts...
Sandbox Protection Bypass
Jenkins Script Security Plugin is vulnerable to sandbox protection bypass vulnerability. This exists in the src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/SecureGroovyScript.java which allows attackers with Overall/Read permission to provide a Groovy script to an HTTP endpoint...
Arbitrary Code Execution
Jenkins Script Security Plugin is vulnerable to arbitrary code execution attacks. This exists in the src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/GroovySandbox.java and src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/SecureGroovyScript.java which allows...
CloudBees Jenkins Sandbox Bypass Vulnerability (CNVD-2019-09287)
CloudBees Jenkins Hudson Labs is the United States CloudBees company's set of Java-based development of continuous integration tools. The product is mainly used to monitor the continuous software version release/testing project and some timed tasks . Script Security Plugin is used in one of the...
Security feature bypass
A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.55 and earlier allows attackers to invoke arbitrary constructors in sandboxed scripts...
CVE-2019-1003040
The CVE-2019-1003040 entry covers a sandbox bypass in Jenkins Script Security Plugin (versions 1.55 and earlier). The underlying issue allows an attacker to invoke arbitrary constructors from sandboxed Groovy scripts, effectively bypassing sandbox protections. Documented as a security vulnerabili...
CVE-2019-1003040
A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.55 and earlier allows attackers to invoke arbitrary constructors in sandboxed scripts...
PT-2019-2578 · Jenkins · Jenkins Script Security Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Script Security Plugin versions 1.55 and earlier Description: The issue is related to a sandbox bypass vulnerability in the Jenkins Script Security Plugin, which is caused by incorrect type conversion. This allows a remote attacker to...
Security feature bypass
A sandbox bypass vulnerability exists in Jenkins Script Security Plugin 1.53 and earlier in src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/GroovySandbox.java, src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/SecureGroovyScript.java that allows attackers with...
CVE-2019-1003029
A sandbox bypass vulnerability exists in Jenkins Script Security Plugin 1.53 and earlier in src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/GroovySandbox.java, src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/SecureGroovyScript.java that allows attackers with...
CVE-2019-1003029
A sandbox bypass vulnerability exists in Jenkins Script Security Plugin 1.53 and earlier in src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/GroovySandbox.java, src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/SecureGroovyScript.java that allows attackers with...
CVE-2019-1003029
CVE-2019-1003029 describes a sandbox bypass in Jenkins Script Security Plugin (versions ≤ 1.53) that lets attackers with Overall/Read permission execute arbitrary code on the Jenkins master JVM. Affected components are in the plugin’s Groovy sandbox: GroovySandbox.java and SecureGroovyScript.java...
CVE-2019-1003029
A sandbox bypass vulnerability exists in Jenkins Script Security Plugin 1.53 and earlier in src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/GroovySandbox.java, src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/SecureGroovyScript.java that allows attackers with...