Pipeline: Groovy Security Vulnerabilities and Issues — Pipeline: Groovy CVE List

Lucene search

JenkinsPipeline: Groovy

3 matches found

CVE•added 2019/03/08 9:29 p.m.•986 views

CVE-2019-1003030

A sandbox bypass vulnerability exists in Jenkins Pipeline: Groovy Plugin 2.63 and earlier in pom.xml, src/main/java/org/jenkinsci/plugins/workflow/cps/CpsGroovyShell.java that allows attackers able to control pipeline scripts to execute arbitrary code on the Jenkins master JVM.

9.9CVSS9.6AI score0.92834EPSS

CVE•added 2019/01/22 2:29 p.m.•144 views

CVE-2019-1003001

A sandbox bypass vulnerability exists in Pipeline: Groovy Plugin 2.61 and earlier in src/main/java/org/jenkinsci/plugins/workflow/cps/CpsFlowDefinition.java, src/main/java/org/jenkinsci/plugins/workflow/cps/CpsGroovyShellFactory.java that allows attackers with Overall/Read permission to provide a p...

8.8CVSS8.8AI score0.93984EPSS

CVE•added 2019/03/28 6:29 p.m.•80 views

CVE-2019-1003041

A sandbox bypass vulnerability in Jenkins Pipeline: Groovy Plugin 2.64 and earlier allows attackers to invoke arbitrary constructors in sandboxed scripts.

9.8CVSS9.4AI score0.02252EPSS