Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
jenkins script security vulnerabilities and exploits
(subscribe to this query)
9.9
CVSSv3
CVE-2022-43404
A sandbox bypass vulnerability involving crafted constructor bodies and calls to sandbox-generated synthetic constructors in Jenkins Script Security Plugin 1183.v774b_0b_0a_a_451 and previous versions allows attackers with permission to define and run sandboxed scripts, including...
Jenkins Script Security
9.8
CVSSv3
CVE-2022-42889
Apache Commons Text performs variable interpolation, allowing properties to be dynamically evaluated and expanded. The standard format for interpolation is "${prefix:name}", where "prefix" is used to locate an instance of org.apache.commons.text.lookup.StringL...
Apache Commons Text
Netapp Bluexp -
Juniper Security Threat Response Manager
Juniper Security Threat Response Manager 7.5.0
64 Github repositories
4.3
CVSSv3
CVE-2022-30946
A cross-site request forgery (CSRF) vulnerability in Jenkins Script Security Plugin 1158.v7c1b_73a_69a_08 and previous versions allows malicious users to have Jenkins send an HTTP request to an attacker-specified webserver.
Jenkins Script Security
8.8
CVSSv3
CVE-2022-25173
Jenkins Pipeline: Groovy Plugin 2648.va9433432b33c and previous versions uses the same checkout directories for distinct SCMs when reading the script file (typically Jenkinsfile) for Pipelines, allowing attackers with Item/Configure permission to invoke arbitrary OS commands on t...
Jenkins Pipeline\\ Groovy
6.5
CVSSv3
CVE-2022-25176
Jenkins Pipeline: Groovy Plugin 2648.va9433432b33c and previous versions follows symbolic links to locations outside of the checkout directory for the configured SCM when reading the script file (typically Jenkinsfile) for Pipelines, allowing attackers able to configure Pipelines...
Jenkins Pipeline\\ Groovy
6.5
CVSSv3
CVE-2022-25184
Jenkins Pipeline: Build Step Plugin 2.15 and previous versions reveals password parameter default values when generating a pipeline script using the Pipeline Snippet Generator, allowing attackers with Item/Read permission to retrieve the default password parameter value from jobs...
Jenkins Pipeline\\ Build Step
8.8
CVSSv3
CVE-2021-21646
Jenkins Templating Engine Plugin 2.1 and previous versions does not protect its pipeline configurations using Script Security Plugin, allowing attackers with Job/Configure permission to execute arbitrary code in the context of the Jenkins controller JVM.
Jenkins Templating Engine
9.9
CVSSv3
CVE-2020-2279
A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.74 and previous versions allows attackers with permission to define sandboxed scripts to provide crafted return values or script binding content that can result in arbitrary code execution on the Jenkins controlle...
Jenkins Script Security
5.4
CVSSv3
CVE-2020-2190
Jenkins Script Security Plugin 1.72 and previous versions does not correctly escape pending or approved classpath entries on the In-process Script Approval page, resulting in a stored cross-site scripting vulnerability.
Jenkins Script Security
8.8
CVSSv3
CVE-2020-2134
Sandbox protection in Jenkins Script Security Plugin 1.70 and previous versions could be circumvented through crafted constructor calls and crafted constructor bodies.
Jenkins Script Security
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
HTML injection
CVE-2024-35894
SQL
CVE-2024-5105
CVE-2014-100005
CVE-2024-35895
unauthorized
CVE-2024-22120
CVE-2024-35890
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »