Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
groovy vulnerabilities and exploits
(subscribe to this query)
580
VMScore
CVE-2019-1003005
A sandbox bypass vulnerability exists in Jenkins Script Security Plugin 1.50 and previous versions in src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/SecureGroovyScript.java that allows attackers with Overall/Read permission to provide a Groovy script to an HTTP...
Jenkins Script Security
2 Github repositories
578
VMScore
CVE-2022-25182
A sandbox bypass vulnerability in Jenkins Pipeline: Shared Groovy Libraries Plugin 552.vd9cc05b8a2e1 and previous versions allows attackers with Item/Configure permission to execute arbitrary code on the Jenkins controller JVM using specially crafted library names if a global Pip...
Jenkins Pipeline\\ Shared Groovy Libraries
578
VMScore
CVE-2022-25173
Jenkins Pipeline: Groovy Plugin 2648.va9433432b33c and previous versions uses the same checkout directories for distinct SCMs when reading the script file (typically Jenkinsfile) for Pipelines, allowing attackers with Item/Configure permission to invoke arbitrary OS commands on t...
Jenkins Pipeline\\ Groovy
578
VMScore
CVE-2022-25174
Jenkins Pipeline: Shared Groovy Libraries Plugin 552.vd9cc05b8a2e1 and previous versions uses the same checkout directories for distinct SCMs for Pipeline libraries, allowing attackers with Item/Configure permission to invoke arbitrary OS commands on the controller through crafte...
Jenkins Pipeline\\ Shared Groovy Libraries
578
VMScore
CVE-2022-25181
A sandbox bypass vulnerability in Jenkins Pipeline: Shared Groovy Libraries Plugin 552.vd9cc05b8a2e1 and previous versions allows attackers with Item/Configure permission to execute arbitrary code in the context of the Jenkins controller JVM through crafted SCM contents, if a glo...
Jenkins Pipeline\\ Shared Groovy Libraries
578
VMScore
CVE-2022-25183
Jenkins Pipeline: Shared Groovy Libraries Plugin 552.vd9cc05b8a2e1 and previous versions uses the names of Pipeline libraries to create cache directories without any sanitization, allowing attackers with Item/Configure permission to execute arbitrary code in the context of the Je...
Jenkins Pipeline\\ Shared Groovy Libraries
578
VMScore
CVE-2021-32834
Eclipse Keti is a service that was designed to protect RESTfuls API using Attribute Based Access Control (ABAC). In Keti a user able to create Policy Sets can run arbitrary code by sending malicious Groovy scripts which will escape the configured Groovy sandbox. This vulnerabilit...
Eclipse Keti -
578
VMScore
CVE-2021-32829
ZStack is open source IaaS(infrastructure as a service) software aiming to automate datacenters, managing resources of compute, storage, and networking all by APIs. Affected versions of ZStack REST API are vulnerable to post-authentication Remote Code Execution (RCE) via bypass o...
Zstack Rest Api
578
VMScore
CVE-2021-21248
OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, there is a critical vulnerability involving the build endpoint parameters. InputSpec is used to define parameters of a Build spec. It does so by using dynamically generated Groovy classes. A user able to con...
Onedev Project Onedev
578
VMScore
CVE-2020-15824
In JetBrains Kotlin from 1.4-M1 to 1.4-RC (as Kotlin 1.3.7x is not affected by the issue. Fixed version is 1.4.0) there is a script-cache privilege escalation vulnerability due to kotlin-main-kts cached scripts in the system temp directory, which is shared by all users by default...
Jetbrains Kotlin 1.4.0
Oracle Communications Cloud Native Core Policy 1.14.0
Oracle Banking Extensibility Workbench 14.2
Oracle Banking Extensibility Workbench 14.3
Oracle Banking Extensibility Workbench 14.5
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
validation
CVE-2012-1823
malicious code
CVE-2024-5770
CVE-2023-45866
CVE-2024-35687
local users
CVE-2024-31246
CVE-2024-35730
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »