
CVE-2022-43405 – jenkins-plugin/pipeline-groovy-lib: Sandbox bypass vulnerability in Pipeline: Groovy Libraries Plugin
https://notcve.org/view.php?id=CVE-2022-43405
19 Oct 2022 — A sandbox bypass vulnerability in Jenkins Pipeline: Groovy Libraries Plugin 612.v84da_9c54906d and earlier allows attackers with permission to define untrusted Pipeline libraries and to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM. • http://www.openwall.com/lists/oss-security/2022/10/19/3 • CWE-693: Protection Mechanism Failure

CVE-2022-43406 – jenkins-plugin/workflow-cps-global-lib: Sandbox bypass vulnerability in Pipeline: Deprecated Groovy Libraries Plugin
https://notcve.org/view.php?id=CVE-2022-43406
19 Oct 2022 — A sandbox bypass vulnerability in Jenkins Pipeline: Deprecated Groovy Libraries Plugin 583.vf3b_454e43966 and earlier allows attackers with permission to define untrusted Pipeline libraries and to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM. • http://www.openwall.com/lists/oss-security/2022/10/19/3 • CWE-693: Protection Mechanism Failure

CVE-2019-1003033
https://notcve.org/view.php?id=CVE-2019-1003033
08 Mar 2019 — A sandbox bypass vulnerability exists in Jenkins Groovy Plugin 2.1 and earlier in pom.xml, src/main/java/hudson/plugins/groovy/StringScriptSource.java that allows attackers with Overall/Read permission to execute arbitrary code on the Jenkins master JVM. • http://www.securityfocus.com/bid/107476

CVE-2019-1003006
https://notcve.org/view.php?id=CVE-2019-1003006
06 Feb 2019 — A sandbox bypass vulnerability exists in Jenkins Groovy Plugin 2.0 and earlier in src/main/java/hudson/plugins/groovy/StringScriptSource.java that allows attackers with Overall/Read permission to provide a Groovy script to an HTTP endpoint that can result in arbitrary code execution on the Jenkins master JVM. • https://jenkins.io/security/advisory/2019-01-28/#SECURITY-1293 • CWE-862: Missing Authorization

CVE-2018-1000202
https://notcve.org/view.php?id=CVE-2018-1000202
05 Jun 2018 — A persisted cross-site scripting vulnerability exists in Jenkins Groovy Postbuild Plugin 2.3.1 and older in various Jelly files that allows attackers able to control build badge content to define JavaScript that would be executed in another user's browser when that other user performs some UI actions. • https://jenkins.io/security/advisory/2018-05-09/#SECURITY-821 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')