CVSS: 9.9EPSS: 0%CPEs: 1EXPL: 0CVE-2023-25765
https://notcve.org/view.php?id=CVE-2023-25765
In Jenkins Email Extension Plugin 2.93 and earlier, templates defined inside a folder were not subject to Script Security protection, allowing attackers able to define email templates in folders to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM. • http://www.openwall.com/lists/oss-security/2023/02/15/4 https://www.jenkins.io/security/advisory/2023-02-15/#SECURITY-2939 •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1CVE-2023-24815 – Disclosure of classpath resources on Windows when mounted on a wildcard route in vertx-web
https://notcve.org/view.php?id=CVE-2023-24815
Even though checks are performed to avoid escaping the sandbox, given that the input was not sanitized `\` are not properly handled and an attacker can build a path that is valid within the classpath. • https://github.com/vert-x3/vertx-web/blob/62c0d66fa1c179ae6a4d57344631679a2b97e60f/vertx-web/src/main/java/io/vertx/ext/web/impl/Utils.java#L83 https://github.com/vert-x3/vertx-web/commit/9e3a783b1d1a731055e9049078b1b1494ece9c15 https://github.com/vert-x3/vertx-web/security/advisories/GHSA-53jx-vvf9-4x38 https://access.redhat.com/security/cve/CVE-2023-24815 https://bugzilla.redhat.com/show_bug.cgi?id=2209400 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-24422 – jenkins-2-plugins/script-security: Sandbox bypass vulnerability in Script Security Plugin
https://notcve.org/view.php?id=CVE-2023-24422
A sandbox bypass vulnerability involving map constructors in Jenkins Script Security Plugin 1228.vd93135a_2fb_25 and earlier allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM. Una vulnerabilidad de omisión de la sandbox que involucra constructores de mapas en Jenkins Script Security Plugin 1228.vd93135a_2fb_25 y versiones anteriores permite a atacantes con permiso para definir y ejecutar scripts de sandbox, incluidos Pipelines, eludir la protección de sandbox y ejecutar código arbitrario en el contexto de la JVM del controlador Jenkins. ... In affected versions of the script-security plugin, property assignments performed implicitly by the Groovy language runtime when invoking map constructors were not intercepted by the sandbox. This vulnerability allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM. • https://www.jenkins.io/security/advisory/2023-01-24/#SECURITY-3016 https://access.redhat.com/security/cve/CVE-2023-24422 https://bugzilla.redhat.com/show_bug.cgi?id=2164278 • CWE-20: Improper Input Validation CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-0131
https://notcve.org/view.php?id=CVE-2023-0131
Inappropriate implementation in in iframe Sandbox in Google Chrome prior to 109.0.5414.74 allowed a remote attacker to bypass file download restrictions via a crafted HTML page. (Chromium security severity: Medium) La implementación inapropiada en iframe Sandbox en Google Chrome anterior a 109.0.5414.74 permitió a un atacante remoto omitir las restricciones de descarga de archivos a través de una página HTML manipulada. • https://chromereleases.googleblog.com/2023/01/stable-channel-update-for-desktop.html https://crbug.com/1357366 https://security.gentoo.org/glsa/202305-10 https://security.gentoo.org/glsa/202311-11 •
CVSS: 7.4EPSS: 0%CPEs: 1EXPL: 1CVE-2019-13768
https://notcve.org/view.php?id=CVE-2019-13768
Use after free in FileAPI in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. • https://chromereleases.googleblog.com/2019/01/stable-channel-update-for-desktop.html https://crbug.com/922677 • CWE-416: Use After Free •