Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
script security vulnerabilities and exploits
(subscribe to this query)
9.9
CVSSv3
CVE-2022-43401
A sandbox bypass vulnerability involving various casts performed implicitly by the Groovy language runtime in Jenkins Script Security Plugin 1183.v774b_0b_0a_a_451 and previous versions allows attackers with permission to define and run sandboxed scripts, including Pipelines, to ...
Jenkins Script Security
9.9
CVSSv3
CVE-2022-43403
A sandbox bypass vulnerability involving casting an array-like value to an array type in Jenkins Script Security Plugin 1183.v774b_0b_0a_a_451 and previous versions allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandbox pr...
Jenkins Script Security
6.5
CVSSv3
CVE-2017-1000505
In Jenkins Script Security Plugin version 1.36 and previous versions, users with the ability to configure sandboxed Groovy scripts are able to use a type coercion feature in Groovy to create new `File` objects from strings. This allowed reading arbitrary files on the Jenkins mast...
Jenkins Script Security
8.8
CVSSv3
CVE-2019-1003005
A sandbox bypass vulnerability exists in Jenkins Script Security Plugin 1.50 and previous versions in src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/SecureGroovyScript.java that allows attackers with Overall/Read permission to provide a Groovy script to an HTTP...
Jenkins Script Security
2 Github repositories
9.9
CVSSv3
CVE-2022-43404
A sandbox bypass vulnerability involving crafted constructor bodies and calls to sandbox-generated synthetic constructors in Jenkins Script Security Plugin 1183.v774b_0b_0a_a_451 and previous versions allows attackers with permission to define and run sandboxed scripts, including...
Jenkins Script Security
4.3
CVSSv3
CVE-2022-30946
A cross-site request forgery (CSRF) vulnerability in Jenkins Script Security Plugin 1158.v7c1b_73a_69a_08 and previous versions allows malicious users to have Jenkins send an HTTP request to an attacker-specified webserver.
Jenkins Script Security
8.8
CVSSv3
CVE-2020-2135
Sandbox protection in Jenkins Script Security Plugin 1.70 and previous versions could be circumvented through crafted method calls on objects that implement GroovyInterceptable.
Jenkins Script Security
8.8
CVSSv3
CVE-2023-24422
A sandbox bypass vulnerability involving map constructors in Jenkins Script Security Plugin 1228.vd93135a_2fb_25 and previous versions allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary...
Jenkins Script Security
8.8
CVSSv3
CVE-2020-2110
Sandbox protection in Jenkins Script Security Plugin 1.69 and previous versions could be circumvented during the script compilation phase by applying AST transforming annotations to imports or by using them inside of other annotations.
Jenkins Script Security
8.8
CVSSv3
CVE-2020-2134
Sandbox protection in Jenkins Script Security Plugin 1.70 and previous versions could be circumvented through crafted constructor calls and crafted constructor bodies.
Jenkins Script Security
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-49333
CVE-2024-33901
CVE-2024-36001
CVE-2024-2835
firewall
XPath injection
authentication bypass
CVE-2024-22120
CVE-2024-32002
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »