Script Security Security Vulnerabilities and Issues — Script Security CVE List

Lucene search

JenkinsScript Security

5 matches found

CVE•added 2020/03/09 4:15 p.m.•113 views

CVE-2020-2134

Sandbox protection in Jenkins Script Security Plugin 1.70 and earlier could be circumvented through crafted constructor calls and crafted constructor bodies.

8.8CVSS8.4AI score0.00183EPSS

CVE•added 2020/03/09 4:15 p.m.•109 views

CVE-2020-2135

Sandbox protection in Jenkins Script Security Plugin 1.70 and earlier could be circumvented through crafted method calls on objects that implement GroovyInterceptable.

8.8CVSS8.5AI score0.00183EPSS

CVE•added 2020/02/12 3:15 p.m.•106 views

CVE-2020-2110

Sandbox protection in Jenkins Script Security Plugin 1.69 and earlier could be circumvented during the script compilation phase by applying AST transforming annotations to imports or by using them inside of other annotations.

8.8CVSS8.4AI score0.01291EPSS

CVE•added 2020/06/03 1:15 p.m.•102 views

CVE-2020-2190

Jenkins Script Security Plugin 1.72 and earlier does not correctly escape pending or approved classpath entries on the In-process Script Approval page, resulting in a stored cross-site scripting vulnerability.

5.4CVSS5.1AI score0.00122EPSS

CVE•added 2020/09/23 2:15 p.m.•60 views

CVE-2020-2279

A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.74 and earlier allows attackers with permission to define sandboxed scripts to provide crafted return values or script binding content that can result in arbitrary code execution on the Jenkins controller JVM.

9.9CVSS9.7AI score0.00285EPSS