Jenkins

Script Security

32 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.8

CVE-2019-10356

  • EPSS 0.04%
  • Published 31.07.2019 13:15:12
  • Last modified 21.11.2024 04:18:57

A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.61 and earlier related to the handling of method pointer expressions allowed attackers to execute arbitrary code in sandboxed scripts.

8.8

CVE-2019-10355

  • EPSS 0.04%
  • Published 31.07.2019 13:15:12
  • Last modified 21.11.2024 04:18:57

A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.61 and earlier related to the handling of type casts allowed attackers to execute arbitrary code in sandboxed scripts.

9.8

CVE-2019-1003040

  • EPSS 2.25%
  • Published 28.03.2019 18:29:00
  • Last modified 21.11.2024 04:17:47

A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.55 and earlier allows attackers to invoke arbitrary constructors in sandboxed scripts.

9.9

CVE-2019-1003029

Warning
  • EPSS 93.04%
  • Published 08.03.2019 21:29:00
  • Last modified 20.02.2025 18:05:05

A sandbox bypass vulnerability exists in Jenkins Script Security Plugin 1.53 and earlier in src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/GroovySandbox.java, src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/Secure...

8.8

CVE-2019-1003024

  • EPSS 0.32%
  • Published 20.02.2019 21:29:00
  • Last modified 21.11.2024 04:17:45

A sandbox bypass vulnerability exists in Jenkins Script Security Plugin 1.52 and earlier in RejectASTTransformsCustomizer.java that allows attackers with Overall/Read permission to provide a Groovy script to an HTTP endpoint that can result in arbitr...

8.8

CVE-2019-1003005

  • EPSS 75.82%
  • Published 06.02.2019 16:29:00
  • Last modified 21.11.2024 04:17:43

A sandbox bypass vulnerability exists in Jenkins Script Security Plugin 1.50 and earlier in src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/SecureGroovyScript.java that allows attackers with Overall/Read permission to provide a Groo...

8.8

CVE-2019-1003000

Exploit
  • EPSS 94.45%
  • Published 22.01.2019 14:29:00
  • Last modified 21.11.2024 04:17:42

A sandbox bypass vulnerability exists in Script Security Plugin 1.49 and earlier in src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/GroovySandbox.java that allows attackers with the ability to provide sandboxed scripts to execute ar...

8.8

CVE-2018-1000865

  • EPSS 0.64%
  • Published 10.12.2018 14:29:01
  • Last modified 21.11.2024 03:40:31

A sandbox bypass vulnerability exists in Script Security Plugin 1.47 and earlier in groovy-sandbox/src/main/java/org/kohsuke/groovy/sandbox/SandboxTransformer.java that allows attackers with Job/Configure permission to execute arbitrary code on the J...

6.5

CVE-2017-1000505

  • EPSS 0.32%
  • Published 25.01.2018 18:29:00
  • Last modified 21.11.2024 03:04:53

In Jenkins Script Security Plugin version 1.36 and earlier, users with the ability to configure sandboxed Groovy scripts are able to use a type coercion feature in Groovy to create new `File` objects from strings. This allowed reading arbitrary files...

8.8

CVE-2017-1000107

  • EPSS 0.27%
  • Published 05.10.2017 01:29:04
  • Last modified 20.04.2025 01:37:25

Script Security Plugin did not apply sandboxing restrictions to constructor invocations via positional arguments list, super constructor invocations, method references, and type coercion expressions. This could be used to invoke arbitrary constructor...