Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
groovy vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-46243
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions it's possible for a user to execute any content with the right of an existing document's content author, provided the user have edit right on it...
Xwiki Xwiki
6.5
CVSSv2
CVE-2019-10390
A sandbox bypass vulnerability in Jenkins Splunk Plugin 1.7.4 and previous versions allowed attackers with Overall/Read permission to provide a Groovy script to an HTTP endpoint that can result in arbitrary code execution on the Jenkins master JVM.
Jenkins Splunk
6.8
CVSSv2
CVE-2016-6521
Cross-site request forgery (CSRF) vulnerability in Grails console (aka Grails Debug Console and Grails Web Console) 2.0.7, 1.5.10, and previous versions allows remote malicious users to hijack the authentication of users for requests that execute arbitrary Groovy code via unspeci...
Gopivotal Grails
Gopivotal Grails 2.0.6
6.8
CVSSv2
CVE-2019-1003008
A cross-site request forgery vulnerability exists in Jenkins Warnings Next Generation Plugin 2.1.1 and previous versions in src/main/java/io/jenkins/plugins/analysis/warnings/groovy/GroovyParser.java that allows malicious users to execute arbitrary code via a form validation HTTP...
Jenkins Warnings Next Generation
9
CVSSv2
CVE-2020-25802
Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via Groovy scripting. This issue affects: Crafter Software Crafter CMS 3.0 versions before 3.0.27; 3.1 versions before 3.1....
Craftercms Studio
6.4
CVSSv2
CVE-2018-1000408
A denial of service vulnerability exists in Jenkins 2.145 and previous versions, LTS 2.138.1 and previous versions in core/src/main/java/hudson/security/HudsonPrivateSecurityRealm.java that allows attackers without Overall/Read permission to access a specific URL on instances usi...
Jenkins Jenkins
6.5
CVSSv2
CVE-2022-25183
Jenkins Pipeline: Shared Groovy Libraries Plugin 552.vd9cc05b8a2e1 and previous versions uses the names of Pipeline libraries to create cache directories without any sanitization, allowing attackers with Item/Configure permission to execute arbitrary code in the context of the Je...
Jenkins Pipeline\\ Shared Groovy Libraries
6.5
CVSSv2
CVE-2019-1003024
A sandbox bypass vulnerability exists in Jenkins Script Security Plugin 1.52 and previous versions in RejectASTTransformsCustomizer.java that allows attackers with Overall/Read permission to provide a Groovy script to an HTTP endpoint that can result in arbitrary code execution o...
Jenkins Script Security
Redhat Openshift Container Platform 3.11
6.5
CVSSv2
CVE-2021-32829
ZStack is open source IaaS(infrastructure as a service) software aiming to automate datacenters, managing resources of compute, storage, and networking all by APIs. Affected versions of ZStack REST API are vulnerable to post-authentication Remote Code Execution (RCE) via bypass o...
Zstack Rest Api
5
CVSSv2
CVE-2022-29047
Jenkins Pipeline: Shared Groovy Libraries Plugin 564.ve62a_4eb_b_e039 and previous versions, except 2.21.3, allows attackers able to submit pull requests (or equivalent), but not able to commit directly to the configured SCM, to effectively change the Pipeline behavior by changin...
Jenkins Pipeline\\ Shared Groovy Libraries
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypass
CVE-2024-30051
remote
CVE-2024-27954
CVE-2023-51483
CVE-2023-47782
SSRF
CVE-2024-24715
CVE-2023-52424
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
10
NEXT »