
CVSS: 4.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

A cross-site request forgery (CSRF) vulnerability in Jenkins Script Security Plugin 1158.v7c1b_73a_69a_08 and earlier allows attackers to have Jenkins send an HTTP request to an attacker-specified webserver. • http://www.openwall.com/lists/oss-security/2022/05/17/8 https://www.jenkins.io/security/advisory/2022-05-17/#SECURITY-2116 https://access.redhat.com/security/cve/CVE-2022-30946 https://bugzilla.redhat.com/show_bug.cgi?id=2119643 • CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 9.9 • EPSS: 0% • CPEs: 1 • EXPL: 0

A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.74 and earlier allows attackers with permission to define sandboxed scripts to provide crafted return values or script binding content that can result in arbitrary code execution on the Jenkins controller JVM. • http://www.openwall.com/lists/oss-security/2020/09/23/1 https://www.jenkins.io/security/advisory/2020-09-23/#SECURITY-2020

CVSS: 5.4 • EPSS: 0% • CPEs: 1 • EXPL: 0

Jenkins Script Security Plugin 1.72 and earlier does not correctly escape pending or approved classpath entries on the In-process Script Approval page, resulting in a stored cross-site scripting vulnerability. • http://www.openwall.com/lists/oss-security/2020/06/03/3 https://jenkins.io/security/advisory/2020-06-03/#SECURITY-1866 https://access.redhat.com/security/cve/CVE-2020-2190 https://bugzilla.redhat.com/show_bug.cgi?id=1847337 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 8.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

Sandbox protection in Jenkins Script Security Plugin 1.70 and earlier could be circumvented through crafted constructor calls and crafted constructor bodies. • http://www.openwall.com/lists/oss-security/2020/03/09/1 https://jenkins.io/security/advisory/2020-03-09/#SECURITY-1754 https://access.redhat.com/security/cve/CVE-2020-2134 https://bugzilla.redhat.com/show_bug.cgi?id=1819091 • CWE-863: Incorrect Authorization

CVSS: 8.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

Sandbox protection in Jenkins Script Security Plugin 1.70 and earlier could be circumvented through crafted method calls on objects that implement GroovyInterceptable. • http://www.openwall.com/lists/oss-security/2020/03/09/1 https://jenkins.io/security/advisory/2020-03-09/#SECURITY-1754 https://access.redhat.com/security/cve/CVE-2020-2135 https://bugzilla.redhat.com/show_bug.cgi?id=1819078 • CWE-94: Improper Control of Generation of Code ('Code Injection') • CWE-863: Incorrect Authorization