CVE-2019-1003000 – Jenkins 2.137 and Pipeline Groovy Plugin 2.61 - ACL Bypass and Metaprogramming Remote Code Execution
https://notcve.org/view.php?id=CVE-2019-1003000
A sandbox bypass vulnerability exists in Script Security Plugin 1.49 and earlier in src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/GroovySandbox.java that allows attackers with the ability to provide sandboxed scripts to execute arbitrary code on the Jenkins master JVM. Existe una vulnerabilidad de omisión de sandbox en Script Security Plugin versión 1.49 y anteriores, en src/main/java/org/jenkinsc/plugins/scriptsecurity/sandbox/ groovy/GroovySandbox.java que permite a los atacantes la capacidad de proporcionar scripts de tipo Sandbox para ejecutar código arbitrario en el Jenkins master JVM. • https://www.exploit-db.com/exploits/46572 https://www.exploit-db.com/exploits/46453 https://www.exploit-db.com/exploits/46427 https://github.com/slowmistio/CVE-2019-1003000-and-CVE-2018-1999002-Pre-Auth-RCE-Jenkins http://packetstormsecurity.com/files/152132/Jenkins-ACL-Bypass-Metaprogramming-Remote-Code-Execution.html http://www.rapid7.com/db/modules/exploit/multi/http/jenkins_metaprogramming https://access.redhat.com/errata/RHBA-2019:0326 https://access.redhat.com/errata/RHBA-2019:0327 •
CVE-2019-1003001 – Jenkins 2.137 and Pipeline Groovy Plugin 2.61 - ACL Bypass and Metaprogramming Remote Code Execution
https://notcve.org/view.php?id=CVE-2019-1003001
A sandbox bypass vulnerability exists in Pipeline: Groovy Plugin 2.61 and earlier in src/main/java/org/jenkinsci/plugins/workflow/cps/CpsFlowDefinition.java, src/main/java/org/jenkinsci/plugins/workflow/cps/CpsGroovyShellFactory.java that allows attackers with Overall/Read permission to provide a pipeline script to an HTTP endpoint that can result in arbitrary code execution on the Jenkins master JVM. Existe una vulnerabilidad de omisión de sandbox en Pipeline: el plugin Groovy, en la versión 2.61 y anteriores, en src/main/java/org/jenkinsci/plugins/workflow/cps/CpsFlowDefinition.java y src/main/java/org/jenkinsci/plugins/workflow/cps/CpsGroovyShellFactory.java permite a los atacantes con permisos de "Overall/Read" proporcionar un script "pipeline" a un endpoint HTTP que puede resultar en la ejecución de código arbitrario enla máquina virtual de Java maestra de Jenkins. • https://www.exploit-db.com/exploits/46572 https://www.exploit-db.com/exploits/46427 http://packetstormsecurity.com/files/152132/Jenkins-ACL-Bypass-Metaprogramming-Remote-Code-Execution.html http://www.rapid7.com/db/modules/exploit/multi/http/jenkins_metaprogramming https://access.redhat.com/errata/RHBA-2019:0326 https://access.redhat.com/errata/RHBA-2019:0327 https://jenkins.io/security/advisory/2019-01-08/#SECURITY-1266 https://jenkins.io/security/advisory/2019-01-08 https://bl •
CVE-2019-1003002 – Jenkins 2.137 and Pipeline Groovy Plugin 2.61 - ACL Bypass and Metaprogramming Remote Code Execution
https://notcve.org/view.php?id=CVE-2019-1003002
A sandbox bypass vulnerability exists in Pipeline: Declarative Plugin 1.3.3 and earlier in pipeline-model-definition/src/main/groovy/org/jenkinsci/plugins/pipeline/modeldefinition/parser/Converter.groovy that allows attackers with Overall/Read permission to provide a pipeline script to an HTTP endpoint that can result in arbitrary code execution on the Jenkins master JVM. Existe una vulnerabilidad de omisión de sandbox en Pipeline: el plugin Declarative, en la versión 1.3.3 y anteriores, en pipeline-model-definition/src/main/groovy/org/jenkinsci/plugins/pipeline/modeldefinition/parser/Converter.groovy permite a los atacantes con permisos de "Overall/Read" proporcionar un script "pipeline" a un endpoint HTTP que puede resultar en la ejecución de código arbitrario en la máquina virtual de Java maestra de Jenkins. • https://www.exploit-db.com/exploits/46572 https://www.exploit-db.com/exploits/46427 http://packetstormsecurity.com/files/152132/Jenkins-ACL-Bypass-Metaprogramming-Remote-Code-Execution.html http://www.rapid7.com/db/modules/exploit/multi/http/jenkins_metaprogramming https://access.redhat.com/errata/RHBA-2019:0326 https://access.redhat.com/errata/RHBA-2019:0327 https://jenkins.io/security/advisory/2019-01-08/#SECURITY-1266 https://jenkins.io/security/advisory/2019-01-08 https://bl •
CVE-2017-15402
https://notcve.org/view.php?id=CVE-2017-15402
Using an ID that can be controlled by a compromised renderer which allows any frame to overwrite the page_state of any other frame in the same process in Navigation in Google Chrome on Chrome OS prior to 62.0.3202.74 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. La utilización de un identificador que puede ser controlado por un renderizador que permite a cualquier trama sobreescribir el parámetro page_state de cualquier otra trama en el mismo proceso en "Navigation" en Google Crome en Chrome OS, en versiones anteriores a la 62.0.3202.74, permitió a un atacante remoto, que había comprometido el proceso del renderizador, realizar un sandbox esape mediante una página HTML manipulada. • https://chromereleases.googleblog.com/2017/10/stable-channel-update-for-chrome-os_27.html https://crbug.com/766262 • CWE-20: Improper Input Validation •
CVE-2018-18555
https://notcve.org/view.php?id=CVE-2018-18555
A sandbox escape issue was discovered in VyOS 1.1.8. ... Se ha descubierto un problema de escape del sandbox en VyOS 1.1.8. • https://blog.vyos.io/the-operator-level-is-proved-insecure-and-will-be-removed-in-the-next-releases • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •