Lucene search
K

29 matches found

vulnersOsv
vulnersOsv
added 2022/02/16 12:1 a.m.7 views

com.btc.ep:btc-embeddedplatform (>=1.9.2-beta <=2.5.9), com.qasymphony.ci.jenkins:qtest (>=1.3.0 <=1.4.6) +16 more potentially affected by CVE-2022-25178 via org.jenkins-ci.plugins.workflow:workflow-cps-global-lib (>=0.1-beta-5 <=2.17)

org.jenkins-ci.plugins.workflow:workflow-cps-global-lib MAVEN version =0.1-beta-5, =1.9.2-beta, =1.3.0, =1.0, =1.0, =1.0, =0.1-beta-5, =1.12.1, =2.2, =1.0.4, =0.1, =1.0, =2.3, =1.0, =1.5 and more Source cves: CVE-2022-25178 Source advisory: OSV:GHSA-5HFV-MG5X-MV32...

6.5CVSS6.5AI score0.01668EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2022/02/16 12:1 a.m.6 views

com.btc.ep:btc-embeddedplatform (>=1.9.2-beta <=2.5.9), com.qasymphony.ci.jenkins:qtest (>=1.3.0 <=1.4.6) +38 more potentially affected by CVE-2022-25181 via org.jenkins-ci.plugins.workflow:workflow-cps-global-lib (>=0.1-beta-5 <=2.7)

org.jenkins-ci.plugins.workflow:workflow-cps-global-lib MAVEN version =0.1-beta-5, =1.9.2-beta, =1.3.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =2.2.0, =1.0, =1.0, =1.0, =0.1-beta-5, =2.5 and more Source cves: CVE-2022-25181 Source advisory: OSV:GHSA-7W2W-FWPF-9M4H...

8.8CVSS7.6AI score0.01601EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2022/02/16 12:1 a.m.5 views

com.btc.ep:btc-embeddedplatform (>=1.9.2-beta <=2.5.9), com.openshift.jenkins:openshift-pipeline (>=1.0.14 <=1.0.57) +37 more potentially affected by CVE-2022-25180 via org.jenkins-ci.plugins.workflow:workflow-cps (>=0.1-beta-1 <=1.9-beta-1)

org.jenkins-ci.plugins.workflow:workflow-cps MAVEN version =0.1-beta-1, =1.9.2-beta, =1.0.14, =1.3.0, =0.9.0, =1.22, =1.0, =1.0, =1.0, =0.1-beta-1, =0.1-beta-5, =1.9-beta-1, =2.3 and more Source cves: CVE-2022-25180 Source advisory: OSV:GHSA-QV6Q-X9VR-W7J3...

4.3CVSS5.4AI score0.00528EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2022/02/16 12:1 a.m.5 views

com.btc.ep:btc-embeddedplatform (>=1.9.2-beta <=2.5.9), com.qasymphony.ci.jenkins:qtest (>=1.3.0 <=1.4.6) +38 more potentially affected by CVE-2022-25182 via org.jenkins-ci.plugins.workflow:workflow-cps-global-lib (>=0.1-beta-5 <=2.7)

org.jenkins-ci.plugins.workflow:workflow-cps-global-lib MAVEN version =0.1-beta-5, =1.9.2-beta, =1.3.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =2.2.0, =1.0, =1.0, =1.0, =0.1-beta-5, =2.5 and more Source cves: CVE-2022-25182 Source advisory: OSV:GHSA-7RCW-FWFH-2H2G...

8.8CVSS7.6AI score0.01601EPSS
Exploits0
Veracode
Veracode
added 2019/06/17 12:21 a.m.24 views

Arbitrary Code Execution

jenkins-plugin-workflow-cps is vulnerable to arbitrary code execution. A sandbox bypass in Script Security Plugin and Pipeline: Groovy Plugin allows an attacker to invoke arbitrary contructors in sandboxed scripts...

9.8CVSS9.5AI score0.03366EPSS
Exploits0References8Affected Software1
RedHat Linux
RedHat Linux
added 2019/06/10 4:58 p.m.3 views

jenkins-plugin-workflow-cps: Sandbox bypass in Script Security Plugin and Pipeline: Groovy Plugin (SECURITY-1353)

A flaw was found in the Jenkins Workflow CPS plugin. Groovy Plugins could be circumvented through methods supporting type casts and type coercion allowing attackers to invoke constructors for arbitrary types. The highest threat from this vulnerability is to data confidentiality and integrity as...

9.8CVSS5.8AI score0.03366EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2019/04/10 6:34 p.m.5 views

jenkins-plugin-workflow-cps: Sandbox bypass in Pipeline: Groovy Plugin (SECURITY-1336(2))

A flaw was found in the Jenkins Workflow CPS plugin. Parsing, compilation, and script instantiations provided by a crafted Groovy script could escape the sandbox allowing users to execute arbitrary code on the Jenkins master. The highest risk from this vulnerability is to data confidentiality and...

9.9CVSS6.1AI score0.75594EPSS
Exploits3References6
RedhatCVE
RedhatCVE
added 2019/04/01 4:20 a.m.23 views

CVE-2019-1003041

A flaw was found in the Jenkins Workflow CPS plugin. Groovy Plugins could be circumvented through methods supporting type casts and type coercion allowing attackers to invoke constructors for arbitrary types. The highest threat from this vulnerability is to data confidentiality and integrity as...

9.8CVSS4.6AI score0.03366EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2019/03/20 1:20 a.m.35 views

CVE-2019-1003030

A flaw was found in the Jenkins Workflow CPS plugin. Parsing, compilation, and script instantiations provided by a crafted Groovy script could escape the sandbox allowing users to execute arbitrary code on the Jenkins master. The highest risk from this vulnerability is to data confidentiality and...

9.9CVSS4.5AI score0.75594EPSS
Exploits3References3
Rows per page
Query Builder