Lucene search
K

4 matches found

CVE
CVE
added 2022/11/15 12:0 a.m.335 views

CVE-2022-45379

CVE-2022-45379 affects Jenkins Script Security Plugin: versions 1189.vb_a_b_7c8fd5fde and earlier store whole-script approvals as the SHA-1 hash of the script, making them susceptible to SHA-1 collision attacks. Affected product: Jenkins Script Security Plugin (1189.vb_a_b_7c8fd5fde and earlier)....

7.5CVSS7.3AI score0.00468EPSS
CVE
CVE
added 2024/11/13 8:53 p.m.308 views

CVE-2024-52549

CVE-2024-52549 affects Jenkins Script Security Plugin (1367.vdf2fc45f229c and earlier, with exceptions 1365.1367.va_3b_b_89f8a_95b_ and 1362.1364.v4cf2dc5d8776). The issue is a missing permission check in a form-validation method, allowing attackers with Overall/Read permission to determine wheth...

4.3CVSS6.9AI score0.0036EPSS
CVE
CVE
added 2023/01/24 12:0 a.m.288 views

CVE-2023-24422

CVE-2023-24422 affects Jenkins Script Security Plugin (versions up to 1228.vd93135a_2fb_25 and earlier). The vulnerability is a sandbox bypass in map constructors that lets attackers with permission to define and run sandboxed scripts (including Pipelines) execute arbitrary code in the Jenkins co...

8.8CVSS9.1AI score0.00585EPSS
CVE
CVE
added 2022/05/17 2:5 p.m.149 views

CVE-2022-30946

CVE-2022-30946 is a CSRF vulnerability in Jenkins Script Security Plugin (affecting versions up to 1158.v7c1b_73a_69a_08 and earlier). An authenticated attacker can induce Jenkins to send an HTTP request to a attacker‑specified webserver, enabling malicious activity such as cross‑site scripting a...

4.3CVSS4.7AI score0.00572EPSS