Page 51 of 369 results (0.098 seconds)

CVSS: 8.8EPSS: 83%CPEs: 2EXPL: 5

A sandbox bypass vulnerability exists in Script Security Plugin 1.49 and earlier in src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/GroovySandbox.java that allows attackers with the ability to provide sandboxed scripts to execute arbitrary code on the Jenkins master JVM. • https://www.exploit-db.com/exploits/46572 https://www.exploit-db.com/exploits/46453 https://www.exploit-db.com/exploits/46427 https://github.com/slowmistio/CVE-2019-1003000-and-CVE-2018-1999002-Pre-Auth-RCE-Jenkins http://packetstormsecurity.com/files/152132/Jenkins-ACL-Bypass-Metaprogramming-Remote-Code-Execution.html http://www.rapid7.com/db/modules/exploit/multi/http/jenkins_metaprogramming https://access.redhat.com/errata/RHBA-2019:0326 https://access.redhat.com/errata/RHBA-2019:0327 ht •

CVSS: 8.8EPSS: 32%CPEs: 2EXPL: 3

A sandbox bypass vulnerability exists in Pipeline: Groovy Plugin 2.61 and earlier in src/main/java/org/jenkinsci/plugins/workflow/cps/CpsFlowDefinition.java, src/main/java/org/jenkinsci/plugins/workflow/cps/CpsGroovyShellFactory.java that allows attackers with Overall/Read permission to provide a pipeline script to an HTTP endpoint that can result in arbitrary code execution on the Jenkins master JVM. • https://www.exploit-db.com/exploits/46572 https://www.exploit-db.com/exploits/46427 http://packetstormsecurity.com/files/152132/Jenkins-ACL-Bypass-Metaprogramming-Remote-Code-Execution.html http://www.rapid7.com/db/modules/exploit/multi/http/jenkins_metaprogramming https://access.redhat.com/errata/RHBA-2019:0326 https://access.redhat.com/errata/RHBA-2019:0327 https://jenkins.io/security/advisory/2019-01-08/#SECURITY-1266 https://jenkins.io/security/advisory/2019-01-08 https://blog. •

CVSS: 8.8EPSS: 32%CPEs: 2EXPL: 3

A sandbox bypass vulnerability exists in Pipeline: Declarative Plugin 1.3.3 and earlier in pipeline-model-definition/src/main/groovy/org/jenkinsci/plugins/pipeline/modeldefinition/parser/Converter.groovy that allows attackers with Overall/Read permission to provide a pipeline script to an HTTP endpoint that can result in arbitrary code execution on the Jenkins master JVM. • https://www.exploit-db.com/exploits/46572 https://www.exploit-db.com/exploits/46427 http://packetstormsecurity.com/files/152132/Jenkins-ACL-Bypass-Metaprogramming-Remote-Code-Execution.html http://www.rapid7.com/db/modules/exploit/multi/http/jenkins_metaprogramming https://access.redhat.com/errata/RHBA-2019:0326 https://access.redhat.com/errata/RHBA-2019:0327 https://jenkins.io/security/advisory/2019-01-08/#SECURITY-1266 https://jenkins.io/security/advisory/2019-01-08 https://blog. •

CVSS: 9.6EPSS: 0%CPEs: 2EXPL: 0

Using an ID that can be controlled by a compromised renderer which allows any frame to overwrite the page_state of any other frame in the same process in Navigation in Google Chrome on Chrome OS prior to 62.0.3202.74 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. • https://chromereleases.googleblog.com/2017/10/stable-channel-update-for-chrome-os_27.html https://crbug.com/766262 • CWE-20: Improper Input Validation •

CVSS: 9.9EPSS: 0%CPEs: 1EXPL: 1

A sandbox escape issue was discovered in VyOS 1.1.8. • https://blog.vyos.io/the-operator-level-is-proved-insecure-and-will-be-removed-in-the-next-releases • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •