Jenkins

Script Security

32 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.8

CVE-2019-10356

  • EPSS 0.04%
  • Veröffentlicht 31.07.2019 13:15:12
  • Zuletzt bearbeitet 21.11.2024 04:18:57

A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.61 and earlier related to the handling of method pointer expressions allowed attackers to execute arbitrary code in sandboxed scripts.

8.8

CVE-2019-10355

  • EPSS 0.04%
  • Veröffentlicht 31.07.2019 13:15:12
  • Zuletzt bearbeitet 21.11.2024 04:18:57

A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.61 and earlier related to the handling of type casts allowed attackers to execute arbitrary code in sandboxed scripts.

9.8

CVE-2019-1003040

  • EPSS 2.25%
  • Veröffentlicht 28.03.2019 18:29:00
  • Zuletzt bearbeitet 21.11.2024 04:17:47

A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.55 and earlier allows attackers to invoke arbitrary constructors in sandboxed scripts.

9.9

CVE-2019-1003029

Warnung
  • EPSS 93.04%
  • Veröffentlicht 08.03.2019 21:29:00
  • Zuletzt bearbeitet 20.02.2025 18:05:05

A sandbox bypass vulnerability exists in Jenkins Script Security Plugin 1.53 and earlier in src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/GroovySandbox.java, src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/Secure...

8.8

CVE-2019-1003024

  • EPSS 0.32%
  • Veröffentlicht 20.02.2019 21:29:00
  • Zuletzt bearbeitet 21.11.2024 04:17:45

A sandbox bypass vulnerability exists in Jenkins Script Security Plugin 1.52 and earlier in RejectASTTransformsCustomizer.java that allows attackers with Overall/Read permission to provide a Groovy script to an HTTP endpoint that can result in arbitr...

8.8

CVE-2019-1003005

  • EPSS 75.82%
  • Veröffentlicht 06.02.2019 16:29:00
  • Zuletzt bearbeitet 21.11.2024 04:17:43

A sandbox bypass vulnerability exists in Jenkins Script Security Plugin 1.50 and earlier in src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/SecureGroovyScript.java that allows attackers with Overall/Read permission to provide a Groo...

8.8

CVE-2019-1003000

Exploit
  • EPSS 94.45%
  • Veröffentlicht 22.01.2019 14:29:00
  • Zuletzt bearbeitet 21.11.2024 04:17:42

A sandbox bypass vulnerability exists in Script Security Plugin 1.49 and earlier in src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/GroovySandbox.java that allows attackers with the ability to provide sandboxed scripts to execute ar...

8.8

CVE-2018-1000865

  • EPSS 0.64%
  • Veröffentlicht 10.12.2018 14:29:01
  • Zuletzt bearbeitet 21.11.2024 03:40:31

A sandbox bypass vulnerability exists in Script Security Plugin 1.47 and earlier in groovy-sandbox/src/main/java/org/kohsuke/groovy/sandbox/SandboxTransformer.java that allows attackers with Job/Configure permission to execute arbitrary code on the J...

6.5

CVE-2017-1000505

  • EPSS 0.32%
  • Veröffentlicht 25.01.2018 18:29:00
  • Zuletzt bearbeitet 21.11.2024 03:04:53

In Jenkins Script Security Plugin version 1.36 and earlier, users with the ability to configure sandboxed Groovy scripts are able to use a type coercion feature in Groovy to create new `File` objects from strings. This allowed reading arbitrary files...

8.8

CVE-2017-1000107

  • EPSS 0.27%
  • Veröffentlicht 05.10.2017 01:29:04
  • Zuletzt bearbeitet 20.04.2025 01:37:25

Script Security Plugin did not apply sandboxing restrictions to constructor invocations via positional arguments list, super constructor invocations, method references, and type coercion expressions. This could be used to invoke arbitrary constructor...