Page 48 of 369 results (0.069 seconds)

CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0

A sandbox bypass vulnerability in Jenkins Pipeline: Groovy Plugin 2.64 and earlier allows attackers to invoke arbitrary constructors in sandboxed scripts. • http://www.openwall.com/lists/oss-security/2019/03/28/2 http://www.securityfocus.com/bid/107628 https://access.redhat.com/errata/RHSA-2019:1423 https://jenkins.io/security/advisory/2019-03-25/#SECURITY-1353 https://access.redhat.com/security/cve/CVE-2019-1003041 https://bugzilla.redhat.com/show_bug.cgi?id=1694536 • CWE-470: Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') CWE-704: Incorrect Type Conversion or Cast •

CVSS: 9.0EPSS: 0%CPEs: 4EXPL: 0

Flatpak before 1.0.8, 1.1.x and 1.2.x before 1.2.4, and 1.3.x before 1.3.1 allows a sandbox bypass. ... A sandbox bypass flaw was found in the way bubblewrap, which is used for sandboxing flatpak applications handled the TIOCSTI ioctl. • https://access.redhat.com/errata/RHSA-2019:1024 https://access.redhat.com/errata/RHSA-2019:1143 https://github.com/flatpak/flatpak/issues/2782 https://access.redhat.com/security/cve/CVE-2019-10063 https://bugzilla.redhat.com/show_bug.cgi?id=1695973 • CWE-20: Improper Input Validation CWE-266: Incorrect Privilege Assignment •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0

A sandbox bypass vulnerability exists in Jenkins Groovy Plugin 2.1 and earlier in pom.xml, src/main/java/hudson/plugins/groovy/StringScriptSource.java that allows attackers with Overall/Read permission to execute arbitrary code on the Jenkins master JVM. • http://www.securityfocus.com/bid/107476 https://jenkins.io/security/advisory/2019-03-06/#SECURITY-1338 •

CVSS: 9.9EPSS: 0%CPEs: 1EXPL: 0

A sandbox bypass vulnerability exists in Jenkins Email Extension Plugin 2.64 and earlier in pom.xml, src/main/java/hudson/plugins/emailext/ExtendedEmailPublisher.java, src/main/java/hudson/plugins/emailext/plugins/content/EmailExtScript.java, src/main/java/hudson/plugins/emailext/plugins/content/ScriptContent.java, src/main/java/hudson/plugins/emailext/plugins/trigger/AbstractScriptTrigger.java that allows attackers with Job/Configure permission to execute arbitrary code on the Jenkins master JVM. • http://www.securityfocus.com/bid/107476 https://jenkins.io/security/advisory/2019-03-06/#SECURITY-1340 •

CVSS: 9.9EPSS: 9%CPEs: 2EXPL: 1

A sandbox bypass vulnerability exists in Jenkins Pipeline: Groovy Plugin 2.63 and earlier in pom.xml, src/main/java/org/jenkinsci/plugins/workflow/cps/CpsGroovyShell.java that allows attackers able to control pipeline scripts to execute arbitrary code on the Jenkins master JVM. ... Jenkins version 2.63 suffers from a sandbox bypass vulnerability. • https://www.exploit-db.com/exploits/48904 http://packetstormsecurity.com/files/159603/Jenkins-2.63-Sandbox-Bypass.html http://www.securityfocus.com/bid/107476 https://access.redhat.com/errata/RHSA-2019:0739 https://jenkins.io/security/advisory/2019-03-06/#SECURITY-1336%20%282%29 https://access.redhat.com/security/cve/CVE-2019-1003030 https://bugzilla.redhat.com/show_bug.cgi?id=1690665 • CWE-20: Improper Input Validation •