Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
script security vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv2
CVE-2019-16538
A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.67 and previous versions related to the handling of default parameter expressions in closures allowed malicious users to execute arbitrary code in sandboxed scripts.
Jenkins Script Security
NA
CVE-2022-43401
A sandbox bypass vulnerability involving various casts performed implicitly by the Groovy language runtime in Jenkins Script Security Plugin 1183.v774b_0b_0a_a_451 and previous versions allows attackers with permission to define and run sandboxed scripts, including Pipelines, to ...
Jenkins Script Security
NA
CVE-2022-43403
A sandbox bypass vulnerability involving casting an array-like value to an array type in Jenkins Script Security Plugin 1183.v774b_0b_0a_a_451 and previous versions allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandbox pr...
Jenkins Script Security
NA
CVE-2022-43404
A sandbox bypass vulnerability involving crafted constructor bodies and calls to sandbox-generated synthetic constructors in Jenkins Script Security Plugin 1183.v774b_0b_0a_a_451 and previous versions allows attackers with permission to define and run sandboxed scripts, including...
Jenkins Script Security
6.5
CVSSv2
CVE-2019-10431
A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.64 and previous versions related to the handling of default parameter expressions in constructors allowed malicious users to execute arbitrary code in sandboxed scripts.
Jenkins Script Security
NA
CVE-2022-45379
Jenkins Script Security Plugin 1189.vb_a_b_7c8fd5fde and previous versions stores whole-script approvals as the SHA-1 hash of the script, making it vulnerable to collision attacks.
Jenkins Script Security
6.5
CVSSv2
CVE-2019-1003005
A sandbox bypass vulnerability exists in Jenkins Script Security Plugin 1.50 and previous versions in src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/SecureGroovyScript.java that allows attackers with Overall/Read permission to provide a Groovy script to an HTTP...
Jenkins Script Security
2 Github repositories
6.5
CVSSv2
CVE-2020-2279
A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.74 and previous versions allows attackers with permission to define sandboxed scripts to provide crafted return values or script binding content that can result in arbitrary code execution on the Jenkins controlle...
Jenkins Script Security
3.5
CVSSv2
CVE-2020-2190
Jenkins Script Security Plugin 1.72 and previous versions does not correctly escape pending or approved classpath entries on the In-process Script Approval page, resulting in a stored cross-site scripting vulnerability.
Jenkins Script Security
NA
CVE-2023-24422
A sandbox bypass vulnerability involving map constructors in Jenkins Script Security Plugin 1228.vd93135a_2fb_25 and previous versions allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary...
Jenkins Script Security
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-17519
open redirect
CVE-2024-21683
cache poisoning
CVE-2021-47524
CVE-2021-47521
CVE-2024-5229
CVE-2021-47560
local
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »