Vulmon
jenkins script security vulnerabilities and exploits
8.8
CVSSv3
CVE-2020-2110
Sandbox protection in Jenkins Script Security Plugin 1.69 and previous versions could be circumvented during the script compilation phase by applying AST transforming annotations to imports or by using them inside of other annotations.
Jenkins Script Security
8.8
CVSSv3
CVE-2019-16538
A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.67 and previous versions related to the handling of default parameter expressions in closures allowed malicious users to execute arbitrary code in sandboxed scripts.
Jenkins Script Security
8.8
CVSSv3
CVE-2019-10380
Jenkins Simple Travis Pipeline Runner Plugin 1.0 and previous versions specifies unsafe values in its custom Script Security whitelist, allowing attackers able to execute Script Security protected scripts to execute arbitrary code.
Jenkins Simple Travis Pipeline Runner
8.8
CVSSv3
CVE-2019-10355
A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.61 and previous versions related to the handling of type casts allowed malicious users to execute arbitrary code in sandboxed scripts.
Jenkins Script Security
Redhat Openshift Container Platform 3.11
Redhat Openshift Container Platform 4.1
8.8
CVSSv3
CVE-2019-10356
A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.61 and previous versions related to the handling of method pointer expressions allowed malicious users to execute arbitrary code in sandboxed scripts.
Jenkins Script Security
Redhat Openshift Container Platform 3.11
Redhat Openshift Container Platform 4.1
8.8
CVSSv3
CVE-2019-1003024
A sandbox bypass vulnerability exists in Jenkins Script Security Plugin 1.52 and previous versions in RejectASTTransformsCustomizer.java that allows attackers with Overall/Read permission to provide a Groovy script to an HTTP endpoint that can result in arbitrary code execution o...
Jenkins Script Security
Redhat Openshift Container Platform 3.11
8.8
CVSSv3
CVE-2019-1003005
A sandbox bypass vulnerability exists in Jenkins Script Security Plugin 1.50 and previous versions in src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/SecureGroovyScript.java that allows attackers with Overall/Read permission to provide a Groovy script to an HTTP...
Jenkins Script Security
2 Github repositories
8.8
CVSSv3
CVE-2019-1003000
A sandbox bypass vulnerability exists in Script Security Plugin 1.49 and previous versions in src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/GroovySandbox.java that allows attackers with the ability to provide sandboxed scripts to execute arbitrary code on the ...
Jenkins Script Security
Redhat Openshift Container Platform 3.11
2 EDB exploits
6 Github repositories
8.8
CVSSv3
CVE-2018-1000865
A sandbox bypass vulnerability exists in Script Security Plugin 1.47 and previous versions in groovy-sandbox/src/main/java/org/kohsuke/groovy/sandbox/SandboxTransformer.java that allows attackers with Job/Configure permission to execute arbitrary code on the Jenkins master JVM, i...
Jenkins Script Security
Redhat Openshift Container Platform 3.11
8.8
CVSSv3
CVE-2017-1000096
Arbitrary code execution due to incomplete sandbox protection: Constructors, instance variable initializers, and instance initializers in Pipeline scripts were not subject to sandbox protection, and could therefore execute arbitrary code. This could be exploited e.g. by regular J...
Jenkins Pipeline: Groovy