Vulmon
groovy vulnerabilities and exploits
6.5
CVSSv2
CVE-2019-1003006
A sandbox bypass vulnerability exists in Jenkins Groovy Plugin 2.0 and previous versions in src/main/java/hudson/plugins/groovy/StringScriptSource.java that allows attackers with Overall/Read permission to provide a Groovy script to an HTTP endpoint that can result in arbitrary c...
Jenkins Groovy
6.5
CVSSv2
CVE-2019-1003033
A sandbox bypass vulnerability exists in Jenkins Groovy Plugin 2.1 and previous versions in pom.xml, src/main/java/hudson/plugins/groovy/StringScriptSource.java that allows attackers with Overall/Read permission to execute arbitrary code on the Jenkins master JVM.
Jenkins Groovy
NA
CVE-2022-43405
A sandbox bypass vulnerability in Jenkins Pipeline: Groovy Libraries Plugin 612.v84da_9c54906d and previous versions allows attackers with permission to define untrusted Pipeline libraries and to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protect...
Jenkins Groovy Libraries
NA
CVE-2022-43406
A sandbox bypass vulnerability in Jenkins Pipeline: Deprecated Groovy Libraries Plugin 583.vf3b_454e43966 and previous versions allows attackers with permission to define untrusted Pipeline libraries and to define and run sandboxed scripts, including Pipelines, to bypass the sand...
Jenkins Groovy Libraries
5
CVSSv2
CVE-2016-6497
main/java/org/apache/directory/groovyldap/LDAP.java in the Groovy LDAP API in Apache allows malicious users to conduct LDAP entry poisoning attacks by leveraging setting returnObjFlag to true for all search methods.
Apache Groovy Ldap
3.5
CVSSv2
CVE-2018-1000202
A persisted cross-site scripting vulnerability exists in Jenkins Groovy Postbuild Plugin 2.3.1 and older in various Jelly files that allows attackers able to control build badge content to define JavaScript that would be executed in another user's browser when that other use...
Jenkins Groovy Postbuild
6.8
CVSSv2
CVE-2013-2760
Buffer overflow in Groovy Media Player 3.2.0 allows remote malicious users to execute arbitrary code via a long string in a .m3u file.
Bestwebsharing Groovy Media Player 3.2.0
1 EDB exploit
6.8
CVSSv2
CVE-2009-4931
Stack-based buffer overflow in Groovy Media Player 1.1.0 allows remote malicious users to cause a denial of service (application crash) or possibly execute arbitrary code via a long string in a .m3u playlist file.
Bestwebsharing Groovy Media Player 1.1.0
4.3
CVSSv2
CVE-2019-10753
In all versions prior to version 3.9.6 for eclipse-wtp, all versions prior to version 9.4.4 for eclipse-cdt, and all versions prior to version 3.0.1 for eclipse-groovy, Spotless was resolving dependencies over an insecure channel (http). If the build occurred over an insecure con...
Diffplug Eclipse-groovy
Diffplug Eclipse-cdt
Diffplug Eclipse-wtp
9
CVSSv2
CVE-2016-0792
Multiple unspecified API endpoints in Jenkins prior to 1.650 and LTS prior to 1.642.2 allow remote authenticated users to execute arbitrary code via serialized data in an XML file, related to XStream and groovy.util.Expando.
Jenkins Jenkins
Redhat Openshift 3.1
2 EDB exploits
2 Metasploit modules
4 Github repositories