CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-2134 – jenkins-script-security-plugin: sandbox protection bypass via crafted constructor calls and crafted constructor bodies
https://notcve.org/view.php?id=CVE-2020-2134
09 Mar 2020 — Sandbox protection in Jenkins Script Security Plugin 1.70 and earlier could be circumvented through crafted constructor calls and crafted constructor bodies. La protección de Sandbox en Jenkins Script Security Plugin versiones 1.70 y anteriores, podría ser omitida mediante llamadas de constructor diseñadas y cuerpos de constructor diseñados. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. Issues ... • http://www.openwall.com/lists/oss-security/2020/03/09/1 • CWE-863: Incorrect Authorization •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-2135 – jenkins-script-security-plugin: sandbox protection bypass leads to arbitrary code execution
https://notcve.org/view.php?id=CVE-2020-2135
09 Mar 2020 — Sandbox protection in Jenkins Script Security Plugin 1.70 and earlier could be circumvented through crafted method calls on objects that implement GroovyInterceptable. La protección de Sandbox en Jenkins Script Security Plugin versiones 1.70 y anteriores, podría ser omitida mediante llamadas de método diseñadas sobre objetos que implementan GroovyInterceptable. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud ... • http://www.openwall.com/lists/oss-security/2020/03/09/1 • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-863: Incorrect Authorization •
CVSS: 8.8EPSS: 1%CPEs: 1EXPL: 0CVE-2020-2110 – jenkins-script-security-plugin: sandbox protection bypass during script compilation phase by applying AST transforming annotations
https://notcve.org/view.php?id=CVE-2020-2110
12 Feb 2020 — Sandbox protection in Jenkins Script Security Plugin 1.69 and earlier could be circumvented during the script compilation phase by applying AST transforming annotations to imports or by using them inside of other annotations. La protección de Sandbox en Jenkins Script Security Plugin versiones 1.69 y anteriores, podría omitirse durante la fase de compilación del script mediante la aplicación de anotaciones de transformación AST para las importaciones o al usarlas dentro de otras anotaciones. Red Hat OpenShi... • http://www.openwall.com/lists/oss-security/2020/02/12/3 • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-16538 – jenkins-script-security-plugin: sandbox protection bypass leads to execute arbitrary code in sandboxed scripts
https://notcve.org/view.php?id=CVE-2019-16538
21 Nov 2019 — A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.67 and earlier related to the handling of default parameter expressions in closures allowed attackers to execute arbitrary code in sandboxed scripts. Una vulnerabilidad de omisión de sandbox en Jenkins Script Security Plugin versión 1.67 y anteriores, relacionada con el manejo de expresiones de parámetro predeterminadas en los cierres permitió a atacantes ejecutar código arbitrario en scripts manejados en el sandbox. A sandbox bypass flaw wa... • http://www.openwall.com/lists/oss-security/2019/11/21/1 • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-863: Incorrect Authorization •
CVSS: 9.9EPSS: 0%CPEs: 1EXPL: 0CVE-2019-10431 – jenkins-script-security: Sandbox bypass vulnerability in Script Security Plugin
https://notcve.org/view.php?id=CVE-2019-10431
01 Oct 2019 — A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.64 and earlier related to the handling of default parameter expressions in constructors allowed attackers to execute arbitrary code in sandboxed scripts. Una vulnerabilidad de omisión del sandbox en Jenkins Script Security Plugin versión 1.64 y anteriores, relacionada con el manejo de expresiones de parámetros predeterminados en constructores permitió a los atacantes ejecutar código arbitrario en scripts del sandbox. A flaw was found in the ... • http://www.openwall.com/lists/oss-security/2019/10/01/2 • CWE-20: Improper Input Validation CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 4.9EPSS: 0%CPEs: 1EXPL: 0CVE-2019-10393 – jenkins-script-security-plugin: handling of method names in method call expressions allowed attackers to execute arbitrary code in sandboxed scripts
https://notcve.org/view.php?id=CVE-2019-10393
12 Sep 2019 — A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.62 and earlier related to the handling of method names in method call expressions allowed attackers to execute arbitrary code in sandboxed scripts. Una vulnerabilidad de omisión del sandbox en Jenkins Script Security Plugin versión 1.62 y anteriores, relacionada con el manejo de nombres de métodos en expresiones de llamada a método permitió a atacantes ejecutar código arbitrario en scripts del sandbox. • http://www.openwall.com/lists/oss-security/2019/09/12/2 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 4.9EPSS: 0%CPEs: 1EXPL: 0CVE-2019-10394 – jenkins-script-security-plugin: handling of property names in property expressions on the left-hand side of assignment expression leads to execute arbitrary code in sandboxed scripts
https://notcve.org/view.php?id=CVE-2019-10394
12 Sep 2019 — A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.62 and earlier related to the handling of property names in property expressions on the left-hand side of assignment expressions allowed attackers to execute arbitrary code in sandboxed scripts. Una vulnerabilidad de omisión del sandbox en Jenkins Script Security Plugin versión 1.62 y anteriores, relacionada con el manejo de nombres de propiedad en expresiones de propiedad en el lado izquierdo de las expresiones de asignación permitió a atac... • http://www.openwall.com/lists/oss-security/2019/09/12/2 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 4.9EPSS: 0%CPEs: 1EXPL: 0CVE-2019-10399 – jenkins-script-security-plugin: handling of property names in property expressions in increment and decrement expressions allowed attackers to execute arbitrary code in sandboxed scripts
https://notcve.org/view.php?id=CVE-2019-10399
12 Sep 2019 — A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.62 and earlier related to the handling of property names in property expressions in increment and decrement expressions allowed attackers to execute arbitrary code in sandboxed scripts. Una vulnerabilidad de omisión del sandbox en Jenkins Script Security Plugin versión 1.62 y anteriores, relacionada con el manejo de nombres de propiedad en expresiones de propiedad en expresiones de incremento y decremento, permitió a atacantes ejecutar códig... • http://www.openwall.com/lists/oss-security/2019/09/12/2 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 4.9EPSS: 0%CPEs: 1EXPL: 0CVE-2019-10400 – jenkins-script-security-plugin: handling of subexpressions in increment and decrement expressions not involving actual assignment allowed attackers to execute arbitrary code in sandboxed scripts
https://notcve.org/view.php?id=CVE-2019-10400
12 Sep 2019 — A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.62 and earlier related to the handling of subexpressions in increment and decrement expressions not involving actual assignment allowed attackers to execute arbitrary code in sandboxed scripts. Una vulnerabilidad de omisión del sandbox en Jenkins Script Security Plugin versión 1.62 y anteriores, relacionada con el manejo de subexpresiones en expresiones de incremento y decremento que no implican asignación actual, permitió a atacantes ejecut... • http://www.openwall.com/lists/oss-security/2019/09/12/2 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2019-10355 – jenkins-plugin-script-security: Sandbox bypass through type casts in Script Security Plugin
https://notcve.org/view.php?id=CVE-2019-10355
31 Jul 2019 — A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.61 and earlier related to the handling of type casts allowed attackers to execute arbitrary code in sandboxed scripts. Una vulnerabilidad de omisión del sandbox en el Plugin Script Security de Jenkins versión 1.61 y anteriores, relacionada con el manejo de conversiones de tipos permitió a los atacantes ejecutar código arbitrario en scripts del sandbox. A flaw was found in Jenkins Script Security plugin. Sandbox protection could be circumvent... • http://www.openwall.com/lists/oss-security/2019/07/31/1 • CWE-704: Incorrect Type Conversion or Cast •