Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
pipeline: groovy vulnerabilities and exploits
(subscribe to this query)
356
VMScore
CVE-2022-25177
Jenkins Pipeline: Shared Groovy Libraries Plugin 552.vd9cc05b8a2e1 and previous versions follows symbolic links to locations outside of the expected Pipeline library when reading files using the libraryResource step, allowing attackers able to configure Pipelines to read arbitrar...
Jenkins Pipeline\\ Shared Groovy Libraries
356
VMScore
CVE-2022-25180
Jenkins Pipeline: Groovy Plugin 2648.va9433432b33c and previous versions includes password parameters from the original build in replayed builds, allowing attackers with Run/Replay permission to obtain the values of password parameters passed to previous builds of a Pipeline.
Jenkins Pipeline\\ Groovy
578
VMScore
CVE-2022-25181
A sandbox bypass vulnerability in Jenkins Pipeline: Shared Groovy Libraries Plugin 552.vd9cc05b8a2e1 and previous versions allows attackers with Item/Configure permission to execute arbitrary code in the context of the Jenkins controller JVM through crafted SCM contents, if a glo...
Jenkins Pipeline\\ Shared Groovy Libraries
578
VMScore
CVE-2022-25183
Jenkins Pipeline: Shared Groovy Libraries Plugin 552.vd9cc05b8a2e1 and previous versions uses the names of Pipeline libraries to create cache directories without any sanitization, allowing attackers with Item/Configure permission to execute arbitrary code in the context of the Je...
Jenkins Pipeline\\ Shared Groovy Libraries
357
VMScore
CVE-2022-23109
Jenkins HashiCorp Vault Plugin 3.7.0 and previous versions does not mask Vault credentials in Pipeline build logs or in Pipeline step descriptions when Pipeline: Groovy Plugin 2.85 or later is installed.
Jenkins Hashicorp Vault
668
VMScore
CVE-2021-21696
Jenkins 2.318 and previous versions, LTS 2.303.2 and previous versions does not limit agent read/write access to the libs/ directory inside build directories when using the FilePath APIs, allowing attackers in control of agent processes to replace the code of a trusted library wi...
Jenkins Jenkins
580
VMScore
CVE-2020-2109
Sandbox protection in Jenkins Pipeline: Groovy Plugin 2.78 and previous versions can be circumvented through default parameter expressions in CPS-transformed methods.
Jenkins Pipeline\\ Groovy
356
VMScore
CVE-2019-10357
A missing permission check in Jenkins Pipeline: Shared Groovy Libraries Plugin 2.14 and previous versions allowed users with Overall/Read access to obtain limited information about the content of SCM repositories referenced by global libraries.
Jenkins Pipeline\\ Shared Groovy Libraries
Redhat Openshift Container Platform 3.11
Redhat Openshift Container Platform 4.1
668
VMScore
CVE-2019-1003041
A sandbox bypass vulnerability in Jenkins Pipeline: Groovy Plugin 2.64 and previous versions allows malicious users to invoke arbitrary constructors in sandboxed scripts.
Jenkins Pipeline\\ Groovy
Redhat Openshift Container Platform 3.11
668
VMScore
CVE-2019-1003040
A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.55 and previous versions allows malicious users to invoke arbitrary constructors in sandboxed scripts.
Jenkins Script Security
Redhat Openshift Container Platform 3.11
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4671
unauthorized
CVE-2024-4776
CVE-2024-3407
CVE-2024-26026
CVE-2024-32888
wireless
CVE-2024-4656
template injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
NEXT »