4 matches found
Python Safe TAR Scanner
This Python tool provides a scanner for TAR archives, designed to detect unsafe or malicious entries before extraction...
Default credentials
The default whitelist included the following unsafe entries: DefaultGroovyMethods.putAtObject, String, Object; DefaultGroovyMethods.getAtObject, String. These allowed circumventing many of the access restrictions implemented in the script sandbox by using e.g. currentBuild'rawBuild' rather than...
CVE-2017-1000095
CVE-2017-1000095 concerns the Jenkins Script Security plugin where the default whitelist contains unsafe entries (DefaultGroovyMethods.putAt and DefaultGroovyMethods.getAt) that bypass sandbox restrictions (e.g., via currentBuild['rawBuild'] vs currentBuild.rawBuild) and allow accessing private d...
CVE-2017-1000095
The default whitelist included the following unsafe entries: DefaultGroovyMethods.putAtObject, String, Object; DefaultGroovyMethods.getAtObject, String. These allowed circumventing many of the access restrictions implemented in the script sandbox by using e.g. currentBuild'rawBuild' rather than...