Jenkins

Script Security

33 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.3

CVE-2026-42519

  • EPSS 0.11%
  • Veröffentlicht 29.04.2026 14:16:18
  • Zuletzt bearbeitet 06.05.2026 16:33:22

A missing permission check in Jenkins Script Security Plugin 1399.ve6a_66547f6e1 and earlier allows attackers with Overall/Read permission to enumerate pending and approved Script Security classpaths.

4.3

CVE-2024-52549

  • EPSS 0.28%
  • Veröffentlicht 13.11.2024 21:15:29
  • Zuletzt bearbeitet 10.10.2025 15:29:40

Jenkins Script Security Plugin 1367.vdf2fc45f229c and earlier, except 1365.1367.va_3b_b_89f8a_95b_ and 1362.1364.v4cf2dc5d8776, does not perform a permission check in a method implementing form validation, allowing attackers with Overall/Read permiss...

8.8

CVE-2024-34145

  • EPSS 0.06%
  • Veröffentlicht 02.05.2024 14:15:10
  • Zuletzt bearbeitet 10.10.2025 15:34:23

A sandbox bypass vulnerability involving sandbox-defined classes that shadow specific non-sandbox-defined classes in Jenkins Script Security Plugin 1335.vf07d9ce377a_e and earlier allows attackers with permission to define and run sandboxed scripts, ...

9.8

CVE-2024-34144

  • EPSS 50.05%
  • Veröffentlicht 02.05.2024 14:15:10
  • Zuletzt bearbeitet 10.10.2025 15:34:15

A sandbox bypass vulnerability involving crafted constructor bodies in Jenkins Script Security Plugin 1335.vf07d9ce377a_e and earlier allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandbox pro...

8.8

CVE-2023-24422

  • EPSS 0.03%
  • Veröffentlicht 26.01.2023 21:18:16
  • Zuletzt bearbeitet 02.04.2025 15:15:54

A sandbox bypass vulnerability involving map constructors in Jenkins Script Security Plugin 1228.vd93135a_2fb_25 and earlier allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection a...

7.5

CVE-2022-45379

  • EPSS 0.36%
  • Veröffentlicht 15.11.2022 20:15:11
  • Zuletzt bearbeitet 21.11.2024 07:29:08

Jenkins Script Security Plugin 1189.vb_a_b_7c8fd5fde and earlier stores whole-script approvals as the SHA-1 hash of the script, making it vulnerable to collision attacks.

9.9

CVE-2022-43403

  • EPSS 0.3%
  • Veröffentlicht 19.10.2022 16:15:10
  • Zuletzt bearbeitet 21.11.2024 07:26:24

A sandbox bypass vulnerability involving casting an array-like value to an array type in Jenkins Script Security Plugin 1183.v774b_0b_0a_a_451 and earlier allows attackers with permission to define and run sandboxed scripts, including Pipelines, to b...

9.9

CVE-2022-43401

  • EPSS 0.2%
  • Veröffentlicht 19.10.2022 16:15:10
  • Zuletzt bearbeitet 21.11.2024 07:26:24

A sandbox bypass vulnerability involving various casts performed implicitly by the Groovy language runtime in Jenkins Script Security Plugin 1183.v774b_0b_0a_a_451 and earlier allows attackers with permission to define and run sandboxed scripts, incl...

9.9

CVE-2022-43404

  • EPSS 0.16%
  • Veröffentlicht 19.10.2022 16:15:10
  • Zuletzt bearbeitet 21.11.2024 07:26:24

A sandbox bypass vulnerability involving crafted constructor bodies and calls to sandbox-generated synthetic constructors in Jenkins Script Security Plugin 1183.v774b_0b_0a_a_451 and earlier allows attackers with permission to define and run sandboxe...

4.3

CVE-2022-30946

  • EPSS 0.09%
  • Veröffentlicht 17.05.2022 15:15:08
  • Zuletzt bearbeitet 21.11.2024 07:03:36

A cross-site request forgery (CSRF) vulnerability in Jenkins Script Security Plugin 1158.v7c1b_73a_69a_08 and earlier allows attackers to have Jenkins send an HTTP request to an attacker-specified webserver.