Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
pipeline: groovy vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2022-43406
A sandbox bypass vulnerability in Jenkins Pipeline: Deprecated Groovy Libraries Plugin 583.vf3b_454e43966 and previous versions allows attackers with permission to define untrusted Pipeline libraries and to define and run sandboxed scripts, including Pipelines, to bypass the sand...
Jenkins Groovy Libraries
NA
CVE-2022-43405
A sandbox bypass vulnerability in Jenkins Pipeline: Groovy Libraries Plugin 612.v84da_9c54906d and previous versions allows attackers with permission to define untrusted Pipeline libraries and to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protect...
Jenkins Groovy Libraries
6.5
CVSSv2
CVE-2019-1003001
A sandbox bypass vulnerability exists in Pipeline: Groovy Plugin 2.61 and previous versions in src/main/java/org/jenkinsci/plugins/workflow/cps/CpsFlowDefinition.java, src/main/java/org/jenkinsci/plugins/workflow/cps/CpsGroovyShellFactory.java that allows attackers with Overall/R...
Jenkins Pipeline\\ Groovy
Redhat Openshift Container Platform 3.11
1 EDB exploit
1 Github repository
6.5
CVSSv2
CVE-2019-1003002
A sandbox bypass vulnerability exists in Pipeline: Declarative Plugin 1.3.3 and previous versions in pipeline-model-definition/src/main/groovy/org/jenkinsci/plugins/pipeline/modeldefinition/parser/Converter.groovy that allows attackers with Overall/Read permission to provide a pi...
Jenkins Pipeline\\ Declarative
Redhat Openshift Container Platform 3.11
1 EDB exploit
1 Github repository
6.8
CVSSv2
CVE-2022-30945
Jenkins Pipeline: Groovy Plugin 2689.v434009a_31b_f1 and previous versions allows loading any Groovy source files on the classpath of Jenkins and Jenkins plugins in sandboxed pipelines.
Jenkins Pipeline\\ Groovy
NA
CVE-2022-43402
A sandbox bypass vulnerability involving various casts performed implicitly by the Groovy language runtime in Jenkins Pipeline: Groovy Plugin 2802.v5ea_628154b_c2 and previous versions allows attackers with permission to define and run sandboxed scripts, including Pipelines, to b...
Jenkins Pipeline\\ Groovy
6.5
CVSSv2
CVE-2020-2109
Sandbox protection in Jenkins Pipeline: Groovy Plugin 2.78 and previous versions can be circumvented through default parameter expressions in CPS-transformed methods.
Jenkins Pipeline\\ Groovy
4
CVSSv2
CVE-2022-25178
Jenkins Pipeline: Shared Groovy Libraries Plugin 552.vd9cc05b8a2e1 and previous versions does not restrict the names of resources passed to the libraryResource step, allowing attackers able to configure Pipelines permission to read arbitrary files on the Jenkins controller file s...
Jenkins Pipeline\\ Shared Groovy Libraries
6.5
CVSSv2
CVE-2022-25174
Jenkins Pipeline: Shared Groovy Libraries Plugin 552.vd9cc05b8a2e1 and previous versions uses the same checkout directories for distinct SCMs for Pipeline libraries, allowing attackers with Item/Configure permission to invoke arbitrary OS commands on the controller through crafte...
Jenkins Pipeline\\ Shared Groovy Libraries
4
CVSSv2
CVE-2022-25180
Jenkins Pipeline: Groovy Plugin 2648.va9433432b33c and previous versions includes password parameters from the original build in replayed builds, allowing attackers with Run/Replay permission to obtain the values of password parameters passed to previous builds of a Pipeline.
Jenkins Pipeline\\ Groovy
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
camera
bypass
CVE-2024-3592
CVE-2024-37383
CVE-2024-24919
CVE-2024-27822
CVE-2024-36788
CVE-2024-36789
man-in-the-middle
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »