Script Security Security Vulnerabilities and Issues — Script Security CVE List

Lucene search

JenkinsScript Security

3 matches found

CVE•added 2017/10/05 1:29 a.m.•56 views

CVE-2017-1000095

The default whitelist included the following unsafe entries: DefaultGroovyMethods.putAt(Object, String, Object); DefaultGroovyMethods.getAt(Object, String). These allowed circumventing many of the access restrictions implemented in the script sandbox by using e.g. currentBuild['rawBuild'] rather th...

6.5CVSS6.3AI score0.00066EPSS

CVE•added 2017/10/05 1:29 a.m.•45 views

CVE-2017-1000107

Script Security Plugin did not apply sandboxing restrictions to constructor invocations via positional arguments list, super constructor invocations, method references, and type coercion expressions. This could be used to invoke arbitrary constructors and methods, bypassing sandbox protection.

8.8CVSS8.7AI score0.00274EPSS

CVE•added 2017/02/09 3:59 p.m.•32 views

CVE-2016-3102

The Script Security plugin before 1.18.1 in Jenkins might allow remote attackers to bypass a Groovy sandbox protection mechanism via a plugin that performs (1) direct field access or (2) get/set array operations.

7.5CVSS7AI score0.00051EPSS