Jenkins Project Jenkins Script Security Plugin vulnerabilities
26 known vulnerabilities affecting jenkins_project/jenkins_script_security_plugin.
Total CVEs
26
CISA KEV
1
actively exploited
Public exploits
0
Exploited in wild
1
Severity breakdown
CRITICAL8HIGH11MEDIUM7
Vulnerabilities
Page 2 of 2
CVE-2019-10356HIGHCVSS 8.8v1.61 and earlier2019-07-31
CVE-2019-10356 [HIGH] CVE-2019-10356: A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.61 and earlier related to the han
A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.61 and earlier related to the handling of method pointer expressions allowed attackers to execute arbitrary code in sandboxed scripts.
cvelistv5nvd
CVE-2019-10355HIGHCVSS 8.8v1.61 and earlier2019-07-31
CVE-2019-10355 [HIGH] CWE-704 CVE-2019-10355: A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.61 and earlier related to the han
A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.61 and earlier related to the handling of type casts allowed attackers to execute arbitrary code in sandboxed scripts.
cvelistv5nvd
CVE-2019-1003040CRITICALCVSS 9.8v1.55 and earlier2019-03-28
CVE-2019-1003040 [CRITICAL] CWE-470 CVE-2019-1003040: A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.55 and earlier allows attackers t
A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.55 and earlier allows attackers to invoke arbitrary constructors in sandboxed scripts.
cvelistv5nvd
CVE-2019-1003029CRITICALCVSS 9.9KEVv1.53 and earlier2019-03-08
CVE-2019-1003029 [CRITICAL] CVE-2019-1003029: A sandbox bypass vulnerability exists in Jenkins Script Security Plugin 1.53 and earlier in src/main
A sandbox bypass vulnerability exists in Jenkins Script Security Plugin 1.53 and earlier in src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/GroovySandbox.java, src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/SecureGroovyScript.java that allows attackers with Overall/Read permission to execute arbitrary code on the J
cvelistv5nvd
CVE-2019-1003024HIGHCVSS 8.8v1.52 and earlier2019-02-20
CVE-2019-1003024 [HIGH] CVE-2019-1003024: A sandbox bypass vulnerability exists in Jenkins Script Security Plugin 1.52 and earlier in RejectAS
A sandbox bypass vulnerability exists in Jenkins Script Security Plugin 1.52 and earlier in RejectASTTransformsCustomizer.java that allows attackers with Overall/Read permission to provide a Groovy script to an HTTP endpoint that can result in arbitrary code execution on the Jenkins master JVM.
cvelistv5nvd
CVE-2019-1003005HIGHCVSS 8.8v1.50 and earlier2019-02-06
CVE-2019-1003005 [HIGH] CVE-2019-1003005: A sandbox bypass vulnerability exists in Jenkins Script Security Plugin 1.50 and earlier in src/main
A sandbox bypass vulnerability exists in Jenkins Script Security Plugin 1.50 and earlier in src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/SecureGroovyScript.java that allows attackers with Overall/Read permission to provide a Groovy script to an HTTP endpoint that can result in arbitrary code execution on the Jenkins master JVM.
cvelistv5nvd
← Previous2 / 2