
CVE-2019-10306
https://notcve.org/view.php?id=CVE-2019-10306
18 Apr 2019 — A sandbox bypass vulnerability in Jenkins ontrack Plugin 3.4 and earlier allowed attackers with control over ontrack DSL definitions to execute arbitrary code on the Jenkins master JVM. • http://www.securityfocus.com/bid/108045 •

CVE-2016-10745 – python-jinja2: Sandbox escape due to information disclosure via str.format
https://notcve.org/view.php?id=CVE-2016-10745
08 Apr 2019 — In Pallets Jinja before 2.8.1, str.format allows a sandbox escape. A flaw was found in Pallets Jinja prior to version 2.8.1 that allows sandbox escape. • http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00030.html • CWE-134: Use of Externally-Controlled Format String CWE-138: Improper Neutralization of Special Elements •

CVE-2019-10906 – python-jinja2: str.format_map allows sandbox escape
https://notcve.org/view.php?id=CVE-2019-10906
06 Apr 2019 — In Pallets Jinja before 2.10.1, str.format_map allows a sandbox escape. • http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00030.html • CWE-138: Improper Neutralization of Special Elements •

CVE-2019-1003040 – jenkins-plugin-script-security: Sandbox bypass in Script Security Plugin and Pipeline: Groovy Plugin (SECURITY-1353)
https://notcve.org/view.php?id=CVE-2019-1003040
28 Mar 2019 — A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.55 and earlier allows attackers to invoke arbitrary constructors in sandboxed scripts. • http://www.openwall.com/lists/oss-security/2019/03/28/2 • CWE-470: Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') CWE-704: Incorrect Type Conversion or Cast •

CVE-2019-1003041 – jenkins-plugin-workflow-cps: Sandbox bypass in Script Security Plugin and Pipeline: Groovy Plugin (SECURITY-1353)
https://notcve.org/view.php?id=CVE-2019-1003041
28 Mar 2019 — A sandbox bypass vulnerability in Jenkins Pipeline: Groovy Plugin 2.64 and earlier allows attackers to invoke arbitrary constructors in sandboxed scripts. • http://www.openwall.com/lists/oss-security/2019/03/28/2 • CWE-470: Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') CWE-704: Incorrect Type Conversion or Cast •

CVE-2019-10063 – flatpak: Sandbox bypass via TIOCSTI (incomplete fix for CVE-2017-5226)
https://notcve.org/view.php?id=CVE-2019-10063
26 Mar 2019 — Flatpak before 1.0.8, 1.1.x and 1.2.x before 1.2.4, and 1.3.x before 1.3.1 allows a sandbox bypass. ... A sandbox bypass flaw was found in the way bubblewrap, which is used for sandboxing flatpak applications, handled the TIOCSTI ioctl. • https://access.redhat.com/errata/RHSA-2019:1024 • CWE-20: Improper Input Validation CWE-266: Incorrect Privilege Assignment •

CVE-2019-1003029 – Jenkins Script Security Plugin Sandbox Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2019-1003029
08 Mar 2019 — A sandbox bypass vulnerability exists in Jenkins Script Security Plugin 1.53 and earlier in src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/GroovySandbox.java, src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/SecureGroovyScript.java that allows attackers with Overall/Read permission to execute arbitrary code on the Jenkins master JVM. ... Security fix: jenkins-plugin-script-security: Sandbox bypass in script security plug-in

CVE-2019-1003031 – jenkins-matrix-project-plugin: sandbox bypass in matrix project plugin
https://notcve.org/view.php?id=CVE-2019-1003031
08 Mar 2019 — A sandbox bypass vulnerability exists in Jenkins Matrix Project Plugin 1.13 and earlier in pom.xml, src/main/java/hudson/matrix/FilterScript.java that allows attackers with Job/Configure permission to execute arbitrary code on the Jenkins master JVM. ... Security fix: jenkins-plugin-script-security: Sandbox bypass in script security plug-in • http://www.securityfocus.com/bid/107476 • CWE-96: Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection') •

CVE-2019-1003032
https://notcve.org/view.php?id=CVE-2019-1003032
08 Mar 2019 — A sandbox bypass vulnerability exists in Jenkins Email Extension Plugin 2.64 and earlier in pom.xml, src/main/java/hudson/plugins/emailext/ExtendedEmailPublisher.java, src/main/java/hudson/plugins/emailext/plugins/content/EmailExtScript.java, src/main/java/hudson/plugins/emailext/plugins/content/ScriptContent.java, src/main/java/hudson/plugins/emailext/plugins/trigger/AbstractScriptTrigger.java that allows attackers with Job/Configure permission to execute arbitrary code on the Jenkins master JVM. • http://www.securityfocus.com/bid/107476 •

CVE-2019-1003033
https://notcve.org/view.php?id=CVE-2019-1003033
08 Mar 2019 — A sandbox bypass vulnerability exists in Jenkins Groovy Plugin 2.1 and earlier in pom.xml, src/main/java/hudson/plugins/groovy/StringScriptSource.java that allows attackers with Overall/Read permission to execute arbitrary code on the Jenkins master JVM. • http://www.securityfocus.com/bid/107476 •