Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
groovy vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2020-15824
In JetBrains Kotlin from 1.4-M1 to 1.4-RC (as Kotlin 1.3.7x is not affected by the issue. Fixed version is 1.4.0) there is a script-cache privilege escalation vulnerability due to kotlin-main-kts cached scripts in the system temp directory, which is shared by all users by default...
Jetbrains Kotlin 1.4.0
Oracle Communications Cloud Native Core Policy 1.14.0
Oracle Banking Extensibility Workbench 14.2
Oracle Banking Extensibility Workbench 14.3
Oracle Banking Extensibility Workbench 14.5
8.8
CVSSv3
CVE-2020-11057
In XWiki Platform 7.2 up to and including 11.10.2, registered users without scripting/programming permissions are able to execute python/groovy scripts while editing personal dashboards. This has been fixed 11.3.7 , 11.10.3 and 12.0.
Xwiki Xwiki
8.8
CVSSv3
CVE-2020-2109
Sandbox protection in Jenkins Pipeline: Groovy Plugin 2.78 and previous versions can be circumvented through default parameter expressions in CPS-transformed methods.
Jenkins Pipeline\\ Groovy
8.8
CVSSv3
CVE-2019-20155
An issue exists in report_edit.jsp in Determine (formerly Selectica) Contract Lifecycle Management (CLM) v5.4. Any authenticated user may execute Groovy code when generating a report, resulting in arbitrary code execution on the underlying server.
Determine Contract Lifecycle Management 5.4
8.8
CVSSv3
CVE-2019-10390
A sandbox bypass vulnerability in Jenkins Splunk Plugin 1.7.4 and previous versions allowed attackers with Overall/Read permission to provide a Groovy script to an HTTP endpoint that can result in arbitrary code execution on the Jenkins master JVM.
Jenkins Splunk
8.8
CVSSv3
CVE-2019-1003033
A sandbox bypass vulnerability exists in Jenkins Groovy Plugin 2.1 and previous versions in pom.xml, src/main/java/hudson/plugins/groovy/StringScriptSource.java that allows attackers with Overall/Read permission to execute arbitrary code on the Jenkins master JVM.
Jenkins Groovy
8.8
CVSSv3
CVE-2019-1003024
A sandbox bypass vulnerability exists in Jenkins Script Security Plugin 1.52 and previous versions in RejectASTTransformsCustomizer.java that allows attackers with Overall/Read permission to provide a Groovy script to an HTTP endpoint that can result in arbitrary code execution o...
Jenkins Script Security
Redhat Openshift Container Platform 3.11
8.8
CVSSv3
CVE-2019-1003005
A sandbox bypass vulnerability exists in Jenkins Script Security Plugin 1.50 and previous versions in src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/SecureGroovyScript.java that allows attackers with Overall/Read permission to provide a Groovy script to an HTTP...
Jenkins Script Security
2 Github repositories
8.8
CVSSv3
CVE-2019-1003008
A cross-site request forgery vulnerability exists in Jenkins Warnings Next Generation Plugin 2.1.1 and previous versions in src/main/java/io/jenkins/plugins/analysis/warnings/groovy/GroovyParser.java that allows malicious users to execute arbitrary code via a form validation HTTP...
Jenkins Warnings Next Generation
8.8
CVSSv3
CVE-2019-1003006
A sandbox bypass vulnerability exists in Jenkins Groovy Plugin 2.0 and previous versions in src/main/java/hudson/plugins/groovy/StringScriptSource.java that allows attackers with Overall/Read permission to provide a Groovy script to an HTTP endpoint that can result in arbitrary c...
Jenkins Groovy
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33572
CVE-2024-24919
CVE-2024-0230
CVE-2024-32714
HTML injection
local file inclusion
CVE-2024-31098
CVE-2024-31244
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
10
NEXT »