Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
jenkins script security vulnerabilities and exploits
(subscribe to this query)
9.9
CVSSv3
CVE-2023-25765
In Jenkins Email Extension Plugin 2.93 and previous versions, templates defined inside a folder were not subject to Script Security protection, allowing attackers able to define email templates in folders to bypass the sandbox protection and execute arbitrary code in the context ...
Jenkins Email Extension
9.9
CVSSv3
CVE-2022-43401
A sandbox bypass vulnerability involving various casts performed implicitly by the Groovy language runtime in Jenkins Script Security Plugin 1183.v774b_0b_0a_a_451 and previous versions allows attackers with permission to define and run sandboxed scripts, including Pipelines, to ...
Jenkins Script Security
9.9
CVSSv3
CVE-2022-43403
A sandbox bypass vulnerability involving casting an array-like value to an array type in Jenkins Script Security Plugin 1183.v774b_0b_0a_a_451 and previous versions allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandbox pr...
Jenkins Script Security
9.9
CVSSv3
CVE-2022-43404
A sandbox bypass vulnerability involving crafted constructor bodies and calls to sandbox-generated synthetic constructors in Jenkins Script Security Plugin 1183.v774b_0b_0a_a_451 and previous versions allows attackers with permission to define and run sandboxed scripts, including...
Jenkins Script Security
9.9
CVSSv3
CVE-2020-2279
A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.74 and previous versions allows attackers with permission to define sandboxed scripts to provide crafted return values or script binding content that can result in arbitrary code execution on the Jenkins controlle...
Jenkins Script Security
9.9
CVSSv3
CVE-2019-10458
Jenkins Puppet Enterprise Pipeline 1.3.1 and previous versions specifies unsafe values in its custom Script Security whitelist, allowing attackers able to execute Script Security protected scripts to execute arbitrary code.
Jenkins Puppet Enterprise Pipeline
9.9
CVSSv3
CVE-2019-10431
A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.64 and previous versions related to the handling of default parameter expressions in constructors allowed malicious users to execute arbitrary code in sandboxed scripts.
Jenkins Script Security
9.9
CVSSv3
CVE-2019-10417
Jenkins Kubernetes :: Pipeline :: Kubernetes Steps Plugin provides a custom whitelist for script security that allowed malicious users to invoke arbitrary methods, bypassing typical sandbox protection.
Jenkins Kubernetes Pipeline
9.9
CVSSv3
CVE-2019-10418
Jenkins Kubernetes :: Pipeline :: Arquillian Steps Plugin provides a custom whitelist for script security that allowed malicious users to invoke arbitrary methods, bypassing typical sandbox protection.
Jenkins Kubernetes Pipeline
9.9
CVSSv3
CVE-2019-10328
Jenkins Pipeline Remote Loader Plugin 1.4 and previous versions provided a custom whitelist for script security that allowed malicious users to invoke arbitrary methods, bypassing typical sandbox protection.
Jenkins Pipeline Remote Loader
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
type confusion
IMAP
CVE-2024-36103
CVE-2024-28995
CVE-2024-37325
CVE-2024-30078
CVE-2024-30082
SQL injection
CVE-2024-30052
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »