Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
groovy vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2022-29047
Jenkins Pipeline: Shared Groovy Libraries Plugin 564.ve62a_4eb_b_e039 and previous versions, except 2.21.3, allows attackers able to submit pull requests (or equivalent), but not able to commit directly to the configured SCM, to effectively change the Pipeline behavior by changin...
Jenkins Pipeline\\ Shared Groovy Libraries
5
CVSSv2
CVE-2022-21700
Micronaut is a JVM-based, full stack Java framework designed for building JVM web applications with support for Java, Kotlin and the Groovy language. In affected versions sending an invalid Content Type header leads to memory leak in DefaultArgumentConversionContext as this type ...
Objectcomputing Micronaut
5
CVSSv2
CVE-2018-1999002
A arbitrary file read vulnerability exists in Jenkins 2.132 and previous versions, 2.121.1 and previous versions in the Stapler web framework's org/kohsuke/stapler/Stapler.java that allows malicious users to send crafted HTTP requests returning the contents of any file on th...
Jenkins Jenkins
Oracle Communications Cloud Native Core Automated Test Suite 1.9.0
1 EDB exploit
5
CVSSv2
CVE-2016-6497
main/java/org/apache/directory/groovyldap/LDAP.java in the Groovy LDAP API in Apache allows malicious users to conduct LDAP entry poisoning attacks by leveraging setting returnObjFlag to true for all search methods.
Apache Groovy Ldap
4.3
CVSSv2
CVE-2019-10753
In all versions prior to version 3.9.6 for eclipse-wtp, all versions prior to version 9.4.4 for eclipse-cdt, and all versions prior to version 3.0.1 for eclipse-groovy, Spotless was resolving dependencies over an insecure channel (http). If the build occurred over an insecure con...
Diffplug Eclipse-groovy
Diffplug Eclipse-cdt
Diffplug Eclipse-wtp
4
CVSSv2
CVE-2022-25176
Jenkins Pipeline: Groovy Plugin 2648.va9433432b33c and previous versions follows symbolic links to locations outside of the checkout directory for the configured SCM when reading the script file (typically Jenkinsfile) for Pipelines, allowing attackers able to configure Pipelines...
Jenkins Pipeline\\ Groovy
4
CVSSv2
CVE-2022-25177
Jenkins Pipeline: Shared Groovy Libraries Plugin 552.vd9cc05b8a2e1 and previous versions follows symbolic links to locations outside of the expected Pipeline library when reading files using the libraryResource step, allowing attackers able to configure Pipelines to read arbitrar...
Jenkins Pipeline\\ Shared Groovy Libraries
4
CVSSv2
CVE-2022-25178
Jenkins Pipeline: Shared Groovy Libraries Plugin 552.vd9cc05b8a2e1 and previous versions does not restrict the names of resources passed to the libraryResource step, allowing attackers able to configure Pipelines permission to read arbitrary files on the Jenkins controller file s...
Jenkins Pipeline\\ Shared Groovy Libraries
4
CVSSv2
CVE-2022-25180
Jenkins Pipeline: Groovy Plugin 2648.va9433432b33c and previous versions includes password parameters from the original build in replayed builds, allowing attackers with Run/Replay permission to obtain the values of password parameters passed to previous builds of a Pipeline.
Jenkins Pipeline\\ Groovy
4
CVSSv2
CVE-2022-23109
Jenkins HashiCorp Vault Plugin 3.7.0 and previous versions does not mask Vault credentials in Pipeline build logs or in Pipeline step descriptions when Pipeline: Groovy Plugin 2.85 or later is installed.
Jenkins Hashicorp Vault
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3661
open redirect
CVE-2024-25512
CVE-2024-33788
command injection
SSTI
CVE-2024-0043
CVE-2024-29210
CVE-2024-25510
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »