CVSS: 8.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-30945 – plugin: Sandbox bypass vulnerability through implicitly allowlisted platform Groovy files in Pipeline: Groovy Plugin
https://notcve.org/view.php?id=CVE-2022-30945
Jenkins Pipeline: Groovy Plugin 2689.v434009a_31b_f1 and earlier allows loading any Groovy source files on the classpath of Jenkins and Jenkins plugins in sandboxed pipelines. Jenkins Pipeline: Groovy Plugin versiones 2689.v434009a_31b_f1 y anteriores, permite cargar cualquier archivo fuente Groovy en el classpath de Jenkins y de los plugins de Jenkins en pipelines de sandbox A flaw was found in Jenkins Groovy Plugin. The plugin allows pipelines to load Groovy source files. The intent is to allow Global Shared Libraries to execute without sandbox protection. The issue is that the plugin allows any Groovy source files bundled with Jenkins core and plugins to be loaded this way and their methods executed. • http://www.openwall.com/lists/oss-security/2022/05/17/8 https://www.jenkins.io/security/advisory/2022-05-17/#SECURITY-359 https://access.redhat.com/security/cve/CVE-2022-30945 https://bugzilla.redhat.com/show_bug.cgi?id=2119642 • CWE-693: Protection Mechanism Failure •
CVSS: 7.4EPSS: 0%CPEs: 90EXPL: 0CVE-2022-29586 – Konica Minolta bizhub MFP Printer Terminal Sandbox Escape
https://notcve.org/view.php?id=CVE-2022-29586
Konica Minolta bizhub MFP devices before 2022-04-14 allow a Sandbox Escape. ... Un atacante debe conectar un teclado a un puerto USB, presionar F12 y luego escapar del modo kiosco Multiple Konica Minolta bizhub MFP printer terminals suffer from a sandbox escape with root access and have clear-text password vulnerabilities. • https://sec-consult.com/vulnerability-lab https://sec-consult.com/vulnerability-lab/advisory/sandbox-escape-with-root-access-clear-text-passwords-in-konica-minolta-bizhub-mfp-printer-terminals •
CVSS: 4.7EPSS: 0%CPEs: 90EXPL: 1CVE-2022-29587 – Konica Minolta bizhub MFP Printer Terminal Sandbox Escape
https://notcve.org/view.php?id=CVE-2022-29587
Los dispositivos bizhub MFP de Konica Minolta versiones anteriores a 14-04-2022, presentan un navegador interno Chromium que es ejecutado con privilegios de acceso root (también se conoce como super usuario) Multiple Konica Minolta bizhub MFP printer terminals suffer from a sandbox escape with root access and have clear-text password vulnerabilities. • https://sec-consult.com/vulnerability-lab https://sec-consult.com/vulnerability-lab/advisory/sandbox-escape-with-root-access-clear-text-passwords-in-konica-minolta-bizhub-mfp-printer-terminals • CWE-269: Improper Privilege Management •
CVSS: 7.5EPSS: 0%CPEs: 90EXPL: 0CVE-2022-29588 – Konica Minolta bizhub MFP Printer Terminal Sandbox Escape
https://notcve.org/view.php?id=CVE-2022-29588
Los dispositivos bizhub MFP de Konica Minolta versiones anteriores a 14-04-2022, usan el almacenamiento de contraseñas en texto sin cifrar para los archivos /var/log/nginx/html/ADMINPASS y /etc/shadow Multiple Konica Minolta bizhub MFP printer terminals suffer from a sandbox escape with root access and have clear-text password vulnerabilities. • http://packetstormsecurity.com/files/167166/Konica-Minolta-bizhub-MFP-Printer-Terminal-Sandbox-Escape.html https://sec-consult.com/vulnerability-lab • CWE-522: Insufficiently Protected Credentials •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-29911 – Mozilla: iframe Sandbox bypass
https://notcve.org/view.php?id=CVE-2022-29911
An improper implementation of the new iframe sandbox keyword <code>allow-top-navigation-by-user-activation</code> could lead to script execution without <code>allow-scripts</code> being present. This vulnerability affects Thunderbird < 91.9, Firefox ESR < 91.9, and Firefox < 100. Una implementación incorrecta de la nueva palabra clave de iframe sandbox <code>allow-top-navigation-by-user-activation</code> podría provocar la ejecución del script sin que <code>allow-scripts</code> esté presente. Esta vulnerabilidad afecta a Thunderbird < 91.9, Firefox ESR < 91.9 y Firefox < 100. A flaw was found in Mozilla. • https://bugzilla.mozilla.org/show_bug.cgi?id=1761981 https://www.mozilla.org/security/advisories/mfsa2022-16 https://www.mozilla.org/security/advisories/mfsa2022-17 https://www.mozilla.org/security/advisories/mfsa2022-18 https://access.redhat.com/security/cve/CVE-2022-29911 https://bugzilla.redhat.com/show_bug.cgi?id=2081471 • CWE-1021: Improper Restriction of Rendered UI Layers or Frames •