Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
jenkins script security vulnerabilities and exploits
(subscribe to this query)
4.9
CVSSv2
CVE-2019-10399
A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.62 and previous versions related to the handling of property names in property expressions in increment and decrement expressions allowed malicious users to execute arbitrary code in sandboxed scripts.
Jenkins Script Security
4.9
CVSSv2
CVE-2019-10400
A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.62 and previous versions related to the handling of subexpressions in increment and decrement expressions not involving actual assignment allowed malicious users to execute arbitrary code in sandboxed scripts.
Jenkins Script Security
4.3
CVSSv2
CVE-2022-30946
A cross-site request forgery (CSRF) vulnerability in Jenkins Script Security Plugin 1158.v7c1b_73a_69a_08 and previous versions allows malicious users to have Jenkins send an HTTP request to an attacker-specified webserver.
Jenkins Script Security
4.3
CVSSv2
CVE-2013-1808
Cross-site scripting (XSS) vulnerability in ZeroClipboard.swf and ZeroClipboard10.swf in ZeroClipboard prior to 1.0.8, as used in em-shorty, RepRapCalculator, Fulcrum, Django, aCMS, and other products, allows remote malicious users to inject arbitrary web script or HTML via the i...
Zeroclipboard Project Zeroclipboard
Zeroclipboard Project Zeroclipboard 1.0.5
4
CVSSv2
CVE-2022-25176
Jenkins Pipeline: Groovy Plugin 2648.va9433432b33c and previous versions follows symbolic links to locations outside of the checkout directory for the configured SCM when reading the script file (typically Jenkinsfile) for Pipelines, allowing attackers able to configure Pipelines...
Jenkins Pipeline\\ Groovy
4
CVSSv2
CVE-2022-25184
Jenkins Pipeline: Build Step Plugin 2.15 and previous versions reveals password parameter default values when generating a pipeline script using the Pipeline Snippet Generator, allowing attackers with Item/Read permission to retrieve the default password parameter value from jobs...
Jenkins Pipeline\\ Build Step
4
CVSSv2
CVE-2017-1000505
In Jenkins Script Security Plugin version 1.36 and previous versions, users with the ability to configure sandboxed Groovy scripts are able to use a type coercion feature in Groovy to create new `File` objects from strings. This allowed reading arbitrary files on the Jenkins mast...
Jenkins Script Security
4
CVSSv2
CVE-2017-1000095
The default whitelist included the following unsafe entries: DefaultGroovyMethods.putAt(Object, String, Object); DefaultGroovyMethods.getAt(Object, String). These allowed circumventing many of the access restrictions implemented in the script sandbox by using e.g. currentBuild[...
Jenkins Script Security 1.34
3.5
CVSSv2
CVE-2020-2190
Jenkins Script Security Plugin 1.72 and previous versions does not correctly escape pending or approved classpath entries on the In-process Script Approval page, resulting in a stored cross-site scripting vulnerability.
Jenkins Script Security
3.5
CVSSv2
CVE-2012-6074
Cross-site scripting (XSS) vulnerability in Jenkins prior to 1.491, Jenkins LTS prior to 1.480.1, and Jenkins Enterprise 1.424.x prior to 1.424.6.13, 1.447.x prior to 1.447.4.1, and 1.466.x prior to 1.466.10.1 allows remote authenticated users with write access to inject arbitrar...
Cloudbees Jenkins
Jenkins Jenkins 1.404
Jenkins Jenkins 1.403
Jenkins Jenkins 1.402
Jenkins Jenkins 1.401
Jenkins Jenkins 1.408
Jenkins Jenkins 1.407
Jenkins Jenkins 1.406
Jenkins Jenkins 1.405
Jenkins Jenkins 1.400
Jenkins Jenkins 1.437
Jenkins Jenkins 1.436
Jenkins Jenkins 1.435
Jenkins Jenkins 1.434
Jenkins Jenkins 1.433
Jenkins Jenkins 1.432
Jenkins Jenkins 1.431
Jenkins Jenkins 1.430
Jenkins Jenkins 1.409
Jenkins Jenkins 1.415
Jenkins Jenkins 1.414
Jenkins Jenkins 1.413
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
HTML injection
CVE-2024-35894
SQL
CVE-2024-5105
CVE-2014-100005
CVE-2024-35895
unauthorized
CVE-2024-22120
CVE-2024-35890
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »