A sandbox bypass vulnerability involving sandbox-defined classes that shadow specific non-sandbox-defined classes in Jenkins Script Security Plugin 1335.vf07d9ce377a_e and earlier allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM.
Source: Jenkins Project
Max CVSS: N/A
EPSS Score: 0.04%
Published: 2024-05-02
Updated: 2024-05-02
A sandbox bypass vulnerability involving crafted constructor bodies in Jenkins Script Security Plugin 1335.vf07d9ce377a_e and earlier allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM.
Source: Jenkins Project
Max CVSS: N/A
EPSS Score: 0.04%
Published: 2024-05-02
Updated: 2024-05-02
SQL injection vulnerability in snow snow v.2.0.0 allows a remote attacker to execute arbitrary code via the dataScope parameter of the system/role/list interface.
Source: MITRE
Max CVSS: N/A
EPSS Score: 0.04%
Published: 2024-03-22
Updated: 2024-03-22
A cross-site request forgery (CSRF) vulnerability in Jenkins Convert To Pipeline Plugin 1.0 and earlier allows attackers to create a Pipeline based on a Freestyle project, potentially leading to remote code execution (RCE).
Source: Jenkins Project
Max CVSS: 8.8
EPSS Score: 0.13%
Published: 2023-04-02
Updated: 2023-04-08
In Jenkins Email Extension Plugin 2.93 and earlier, templates defined inside a folder were not subject to Script Security protection, allowing attackers able to define email templates in folders to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM.
Source: Jenkins Project
Max CVSS: 9.9
EPSS Score: 0.12%
Published: 2023-02-15
Updated: 2023-11-03
A sandbox bypass vulnerability involving map constructors in Jenkins Script Security Plugin 1228.vd93135a_2fb_25 and earlier allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM.
Source: Jenkins Project
Max CVSS: 8.8
EPSS Score: 0.04%
Published: 2023-01-26
Updated: 2023-02-04
A sandbox bypass vulnerability in Jenkins Pipeline: Deprecated Groovy Libraries Plugin 583.vf3b_454e43966 and earlier allows attackers with permission to define untrusted Pipeline libraries and to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM.
Source: Jenkins Project
Max CVSS: 9.9
EPSS Score: 0.12%
Published: 2022-10-19
Updated: 2023-11-22
A sandbox bypass vulnerability in Jenkins Pipeline: Groovy Libraries Plugin 612.v84da_9c54906d and earlier allows attackers with permission to define untrusted Pipeline libraries and to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM.
Source: Jenkins Project
Max CVSS: 9.9
EPSS Score: 0.12%
Published: 2022-10-19
Updated: 2023-11-22
A sandbox bypass vulnerability involving crafted constructor bodies and calls to sandbox-generated synthetic constructors in Jenkins Script Security Plugin 1183.v774b_0b_0a_a_451 and earlier allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM.
Source: Jenkins Project
Max CVSS: 9.9
EPSS Score: 0.12%
Published: 2022-10-19
Updated: 2023-11-22
A sandbox bypass vulnerability involving casting an array-like value to an array type in Jenkins Script Security Plugin 1183.v774b_0b_0a_a_451 and earlier allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM.
Source: Jenkins Project
Max CVSS: 9.9
EPSS Score: 0.22%
Published: 2022-10-19
Updated: 2023-11-22
A sandbox bypass vulnerability involving various casts performed implicitly by the Groovy language runtime in Jenkins Pipeline: Groovy Plugin 2802.v5ea_628154b_c2 and earlier allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM.
Source: Jenkins Project
Max CVSS: 9.9
EPSS Score: 0.13%
Published: 2022-10-19
Updated: 2023-11-22
A sandbox bypass vulnerability involving various casts performed implicitly by the Groovy language runtime in Jenkins Script Security Plugin 1183.v774b_0b_0a_a_451 and earlier allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM.
Source: Jenkins Project
Max CVSS: 9.9
EPSS Score: 0.13%
Published: 2022-10-19
Updated: 2023-11-22
Jenkins DotCi Plugin 2.40.00 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability.
Source: Jenkins Project
Max CVSS: 9.8
EPSS Score: 0.47%
Published: 2022-09-21
Updated: 2023-11-01
A cross-site request forgery (CSRF) vulnerability in Jenkins Autocomplete Parameter Plugin 1.1 and earlier allows attackers to execute arbitrary code without sandbox protection if the victim is an administrator.
Source: Jenkins Project
Max CVSS: 8.8
EPSS Score: 0.09%
Published: 2022-05-17
Updated: 2023-11-03
Jenkins Pipeline: Shared Groovy Libraries Plugin 552.vd9cc05b8a2e1 and earlier uses the names of Pipeline libraries to create cache directories without any sanitization, allowing attackers with Item/Configure permission to execute arbitrary code in the context of the Jenkins controller JVM using specially crafted library names if a global Pipeline library configured to use caching already exists.
Source: Jenkins Project
Max CVSS: 8.8
EPSS Score: 0.10%
Published: 2022-02-15
Updated: 2023-12-21
A sandbox bypass vulnerability in Jenkins Pipeline: Shared Groovy Libraries Plugin 552.vd9cc05b8a2e1 and earlier allows attackers with Item/Configure permission to execute arbitrary code on the Jenkins controller JVM using specially crafted library names if a global Pipeline library is already configured.
Source: Jenkins Project
Max CVSS: 8.8
EPSS Score: 0.10%
Published: 2022-02-15
Updated: 2023-11-30
A sandbox bypass vulnerability in Jenkins Pipeline: Shared Groovy Libraries Plugin 552.vd9cc05b8a2e1 and earlier allows attackers with Item/Configure permission to execute arbitrary code in the context of the Jenkins controller JVM through crafted SCM contents, if a global Pipeline library already exists.
Source: Jenkins Project
Max CVSS: 8.8
EPSS Score: 0.11%
Published: 2022-02-15
Updated: 2023-11-30
Jenkins Code Coverage API Plugin 1.4.0 and earlier does not apply Jenkins JEP-200 deserialization protection to Java objects it deserializes from disk, resulting in a remote code execution vulnerability.
Source: Jenkins Project
Max CVSS: 8.8
EPSS Score: 0.38%
Published: 2021-08-31
Updated: 2023-11-22
Jenkins Templating Engine Plugin 2.1 and earlier does not protect its pipeline configurations using Script Security Plugin, allowing attackers with Job/Configure permission to execute arbitrary code in the context of the Jenkins controller JVM.
Source: Jenkins Project
Max CVSS: 8.8
EPSS Score: 0.12%
Published: 2021-04-21
Updated: 2023-10-25
A cross-site request forgery (CSRF) vulnerability in Jenkins Warnings Plugin 5.0.1 and earlier allows attackers to execute arbitrary code.
Source: Jenkins Project
Max CVSS: 8.8
EPSS Score: 0.09%
Published: 2020-09-23
Updated: 2023-11-03
Jenkins ElasticBox Jenkins Kubernetes CI/CD Plugin 1.3 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability.
Source: Jenkins Project
Max CVSS: 8.8
EPSS Score: 0.70%
Published: 2020-07-02
Updated: 2023-10-25
Jenkins SCM Filter Jervis Plugin 0.2.1 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability.
Source: Jenkins Project
Max CVSS: 8.8
EPSS Score: 0.59%
Published: 2020-05-06
Updated: 2023-10-25
Jenkins AWS SAM Plugin 1.2.2 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability.
Source: Jenkins Project
Max CVSS: 8.8
EPSS Score: 0.59%
Published: 2020-04-16
Updated: 2023-10-25
Jenkins Yaml Axis Plugin 0.2.0 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability.
Source: Jenkins Project
Max CVSS: 8.8
EPSS Score: 0.59%
Published: 2020-04-16
Updated: 2023-10-25
Jenkins Azure Container Service Plugin 1.0.1 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability.
Source: Jenkins Project
Max CVSS: 8.8
EPSS Score: 0.81%
Published: 2020-03-25
Updated: 2023-10-25
66 vulnerabilities found