Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
jenkins script security vulnerabilities and exploits
(subscribe to this query)
4.2
CVSSv3
CVE-2019-10399
A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.62 and previous versions related to the handling of property names in property expressions in increment and decrement expressions allowed malicious users to execute arbitrary code in sandboxed scripts.
Jenkins Script Security
8.8
CVSSv3
CVE-2020-2134
Sandbox protection in Jenkins Script Security Plugin 1.70 and previous versions could be circumvented through crafted constructor calls and crafted constructor bodies.
Jenkins Script Security
8.8
CVSSv3
CVE-2019-16538
A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.67 and previous versions related to the handling of default parameter expressions in closures allowed malicious users to execute arbitrary code in sandboxed scripts.
Jenkins Script Security
8.8
CVSSv3
CVE-2020-2135
Sandbox protection in Jenkins Script Security Plugin 1.70 and previous versions could be circumvented through crafted method calls on objects that implement GroovyInterceptable.
Jenkins Script Security
4.2
CVSSv3
CVE-2019-10393
A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.62 and previous versions related to the handling of method names in method call expressions allowed malicious users to execute arbitrary code in sandboxed scripts.
Jenkins Script Security
4.2
CVSSv3
CVE-2019-10400
A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.62 and previous versions related to the handling of subexpressions in increment and decrement expressions not involving actual assignment allowed malicious users to execute arbitrary code in sandboxed scripts.
Jenkins Script Security
4.3
CVSSv3
CVE-2022-30946
A cross-site request forgery (CSRF) vulnerability in Jenkins Script Security Plugin 1158.v7c1b_73a_69a_08 and previous versions allows malicious users to have Jenkins send an HTTP request to an attacker-specified webserver.
Jenkins Script Security
6.5
CVSSv3
CVE-2017-1000505
In Jenkins Script Security Plugin version 1.36 and previous versions, users with the ability to configure sandboxed Groovy scripts are able to use a type coercion feature in Groovy to create new `File` objects from strings. This allowed reading arbitrary files on the Jenkins mast...
Jenkins Script Security
8.8
CVSSv3
CVE-2023-24422
A sandbox bypass vulnerability involving map constructors in Jenkins Script Security Plugin 1228.vd93135a_2fb_25 and previous versions allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary...
Jenkins Script Security
5.4
CVSSv3
CVE-2020-2190
Jenkins Script Security Plugin 1.72 and previous versions does not correctly escape pending or approved classpath entries on the In-process Script Approval page, resulting in a stored cross-site scripting vulnerability.
Jenkins Script Security
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
privilege
CVE-2022-48762
CVE-2022-48751
CVE-2024-37079
CVE-2024-30848
LFI
man-in-the-middle
CVE-2022-48736
CVE-2024-30103
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »