cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-52550,https://securityvulnerability.io/vulnerability/CVE-2024-52550,Unsafe Rebuild of Previous Builds,"Jenkins Pipeline: Groovy Plugin 3990.vd281dd77a_388 and earlier, except 3975.3977.v478dd9e956c3 does not check whether the main (Jenkinsfile) script for a rebuilt build is approved, allowing attackers with Item/Build permission to rebuild a previous build whose (Jenkinsfile) script is no longer approved.",Jenkins,Jenkins Pipeline: Groovy Plugin,,,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-11-13T21:15:00.000Z,0
CVE-2022-43406,https://securityvulnerability.io/vulnerability/CVE-2022-43406,Sandbox Bypass in Jenkins Pipeline: Deprecated Groovy Libraries Plugin by Jenkins,"A sandbox bypass vulnerability in the Jenkins Pipeline: Deprecated Groovy Libraries Plugin allows authorized users to define untrusted Pipeline libraries and execute scripts outside the security constraints of the sandbox. This can result in arbitrary code execution within the Jenkins controller JVM, posing significant risks to the integrity of the Jenkins environment and its underlying systems.",Jenkins,Jenkins Pipeline: Deprecated Groovy Libraries Plugin,9.9,CRITICAL,0.001120000029914081,false,,false,false,false,,,false,false,,2022-10-19T00:00:00.000Z,0
CVE-2022-43405,https://securityvulnerability.io/vulnerability/CVE-2022-43405,Sandbox Bypass Vulnerability in Jenkins Pipeline: Groovy Libraries Plugin,"A vulnerability exists in the Jenkins Pipeline: Groovy Libraries Plugin that allows attackers, with the necessary permissions, to evade sandbox restrictions. By exploiting this flaw, they can define untrusted Pipeline libraries and execute sandboxed scripts, potentially leading to arbitrary code execution within the Jenkins controller JVM. This presents a significant risk as it undermines the security model of the Jenkins platform, allowing malicious actors to manipulate functionalities and access sensitive data.",Jenkins,Jenkins Pipeline: Groovy Libraries Plugin,9.9,CRITICAL,0.001120000029914081,false,,false,false,false,,,false,false,,2022-10-19T00:00:00.000Z,0
CVE-2022-43402,https://securityvulnerability.io/vulnerability/CVE-2022-43402,Sandbox Bypass Vulnerability in Jenkins Pipeline: Groovy Plugin,"The vulnerability allows attackers with permission to create and execute sandboxed scripts in Jenkins to circumvent the sandbox protections. This flaw occurs due to implicit type casting in the Groovy language runtime, enabling the execution of arbitrary code within the Jenkins controller JVM. Users of Jenkins Pipeline: Groovy Plugin version 2802.v5ea_628154b_c2 and earlier are particularly affected, emphasizing the need for immediate review and mitigation to safeguard against potential exploits.",Jenkins,Jenkins Pipeline: Groovy Plugin,9.9,CRITICAL,0.0012400000123307109,false,,false,false,false,,,false,false,,2022-10-19T00:00:00.000Z,0
CVE-2022-30945,https://securityvulnerability.io/vulnerability/CVE-2022-30945,Groovy Source File Loading Vulnerability in Jenkins Pipeline Groovy Plugin,"The Jenkins Pipeline Groovy Plugin allows for the loading of arbitrary Groovy source files from the classpath within sandboxed pipelines. This can lead to unauthorized access and manipulation of the system, as users may load potentially harmful scripts that could compromise the integrity of the Jenkins environment.",Jenkins,Jenkins Pipeline: Groovy Plugin,8.5,HIGH,0.0009299999801442027,false,,false,false,false,,,false,false,,2022-05-17T14:05:37.000Z,0
CVE-2022-29047,https://securityvulnerability.io/vulnerability/CVE-2022-29047,Improper Validation in Shared Groovy Libraries Plugin for Jenkins,"The Shared Groovy Libraries Plugin for Jenkins allows attackers, who can submit pull requests but cannot commit directly to the source code management (SCM) system, to alter the pipeline behavior. This is achieved by modifying the definition of a dynamically retrieved library within their pull request. Even if the pipeline is set to distrust these external submissions, the lack of proper validation enables the potential exploitation of this vulnerability, allowing unauthorized control over the pipeline execution.",Jenkins,Jenkins Pipeline: Shared Groovy Libraries Plugin,5.3,MEDIUM,0.0008399999933317304,false,,false,false,false,,,false,false,,2022-04-12T19:50:46.000Z,0
CVE-2022-25183,https://securityvulnerability.io/vulnerability/CVE-2022-25183,Arbitrary Code Execution in Jenkins Pipeline due to Unsanitized Library Names,"The Shared Groovy Libraries Plugin for Jenkins can be exploited due to lack of sanitization in the naming of Pipeline libraries. This results in the creation of cache directories that may allow an attacker with Item/Configure permissions to execute arbitrary code on the Jenkins controller JVM. If a global Pipeline library configured to utilize caching exists, attackers can leverage specially crafted library names to compromise the system.",Jenkins,Jenkins Pipeline: Shared Groovy Libraries Plugin,8.8,HIGH,0.0010400000028312206,false,,false,false,false,,,false,false,,2022-02-15T16:11:07.000Z,0
CVE-2022-25182,https://securityvulnerability.io/vulnerability/CVE-2022-25182,Sandbox Bypass in Jenkins Pipeline: Shared Groovy Libraries Plugin,"The Jenkins Pipeline: Shared Groovy Libraries Plugin is susceptible to a sandbox bypass vulnerability. This flaw allows attackers with Item/Configure permissions to execute arbitrary code on the Jenkins controller JVM. The exploit is facilitated by using specially crafted library names when a global Pipeline library is already configured. Consequently, this can lead to unauthorized access and manipulation of the server's functionality.",Jenkins,Jenkins Pipeline: Shared Groovy Libraries Plugin,8.8,HIGH,0.0010400000028312206,false,,false,false,false,,,false,false,,2022-02-15T16:11:05.000Z,0
CVE-2022-25181,https://securityvulnerability.io/vulnerability/CVE-2022-25181,Sandbox Bypass in Jenkins Pipeline: Shared Groovy Libraries Plugin,"A vulnerability exists in the Jenkins Pipeline: Shared Groovy Libraries Plugin that allows attackers with Item/Configure permission to bypass the sandbox restrictions. This enables them to execute arbitrary code within the Jenkins controller's JVM through carefully crafted source control management (SCM) contents, as long as a global Pipeline library is present. This presents significant security risks to Jenkins environments, especially those using untrusted libraries.",Jenkins,Jenkins Pipeline: Shared Groovy Libraries Plugin,8.8,HIGH,0.0010499999625608325,false,,false,false,false,,,false,false,,2022-02-15T16:11:03.000Z,0
CVE-2022-25180,https://securityvulnerability.io/vulnerability/CVE-2022-25180,Exposure of Sensitive Information in Jenkins Pipeline Groovy Plugin,"The Jenkins Pipeline Groovy Plugin prior to version 2648.va9433432b33c has a vulnerability that permits attackers with Run/Replay permission to access sensitive password parameters from previously executed builds during replay. This security flaw allows unauthorized retrieval of confidential information, potentially leading to further exploitation of the system.",Jenkins,Jenkins Pipeline: Groovy Plugin,4.3,MEDIUM,0.000539999979082495,false,,false,false,false,,,false,false,,2022-02-15T16:11:02.000Z,0
CVE-2022-25178,https://securityvulnerability.io/vulnerability/CVE-2022-25178,Arbitrary File Reading in Jenkins Pipeline Due to Shared Groovy Libraries Plugin Vulnerability,"The Shared Groovy Libraries Plugin in Jenkins fails to adequately restrict resource names passed to the libraryResource step. This flaw allows attackers with Pipeline configuration permissions to read any file on the Jenkins controller's file system, potentially exposing sensitive information and compromising the system.",Jenkins,Jenkins Pipeline: Shared Groovy Libraries Plugin,6.5,MEDIUM,0.0006500000017695129,false,,false,false,false,,,false,false,,2022-02-15T16:10:58.000Z,0
CVE-2022-25177,https://securityvulnerability.io/vulnerability/CVE-2022-25177,File Reading Vulnerability in Jenkins Pipeline with Shared Groovy Libraries Plugin,"The Shared Groovy Libraries Plugin for Jenkins Pipeline is susceptible to a vulnerability that involves following symbolic links to unexpected file locations when accessing files through the libraryResource step. This flaw permits attackers who have configured Pipelines to read arbitrary files from the Jenkins controller's file system, potentially leading to unauthorized information disclosure.",Jenkins,Jenkins Pipeline: Shared Groovy Libraries Plugin,6.5,MEDIUM,0.0006500000017695129,false,,false,false,false,,,false,false,,2022-02-15T16:10:56.000Z,0
CVE-2022-25176,https://securityvulnerability.io/vulnerability/CVE-2022-25176,Jenkins Pipeline Groovy Plugin Vulnerability Exposes File System,"The Jenkins Pipeline Groovy Plugin prior to version 2648.va9433432b33c improperly validates the path to script files such as Jenkinsfile. By following symbolic links, the plugin allows unauthorized access to files outside the designated checkout directory. This could potentially enable attackers with pipeline configuration access to read sensitive files from the Jenkins controller's file system, posing significant security risks.",Jenkins,Jenkins Pipeline: Groovy Plugin,6.5,MEDIUM,0.0006500000017695129,false,,false,false,false,,,false,false,,2022-02-15T16:10:55.000Z,0
CVE-2022-25174,https://securityvulnerability.io/vulnerability/CVE-2022-25174,Arbitrary OS Command Invocation in Jenkins Pipeline due to Shared Groovy Libraries Plugin Vulnerability,"The Shared Groovy Libraries Plugin for Jenkins allows for potentially dangerous configurations due to its use of the same checkout directories for different Source Code Management (SCM) systems. This flaw enables users with sufficient permissions to execute arbitrary operating system commands on the Jenkins controller. Attackers can exploit this vulnerability by maliciously crafting SCM contents, thereby leading to unauthorized command execution and potential system compromise.",Jenkins,Jenkins Pipeline: Shared Groovy Libraries Plugin,8.8,HIGH,0.001180000021122396,false,,false,false,false,,,false,false,,2022-02-15T16:10:52.000Z,0
CVE-2022-25173,https://securityvulnerability.io/vulnerability/CVE-2022-25173,Jenkins Pipeline Groovy Plugin Vulnerability in SCM Handling,"The Jenkins Pipeline Groovy Plugin has a vulnerability that arises from its use of identical checkout directories for different Source Code Management (SCM) systems. This flaw enables users who possess Item/Configure permissions to exploit the system by injecting malicious scripts into the SCM contents. Such an attack can result in the execution of arbitrary OS commands on the Jenkins controller, posing a significant security risk.",Jenkins,Jenkins Pipeline: Groovy Plugin,8.8,HIGH,0.003590000094845891,false,,false,false,false,,,false,false,,2022-02-15T16:10:50.000Z,0
CVE-2020-2109,https://securityvulnerability.io/vulnerability/CVE-2020-2109,,Sandbox protection in Jenkins Pipeline: Groovy Plugin 2.78 and earlier can be circumvented through default parameter expressions in CPS-transformed methods.,Jenkins,Jenkins Pipeline: Groovy Plugin,8.8,HIGH,0.0008999999845400453,false,,false,false,false,,,false,false,,2020-02-12T14:35:40.000Z,0
CVE-2019-10357,https://securityvulnerability.io/vulnerability/CVE-2019-10357,,A missing permission check in Jenkins Pipeline: Shared Groovy Libraries Plugin 2.14 and earlier allowed users with Overall/Read access to obtain limited information about the content of SCM repositories referenced by global libraries.,Jenkins,Jenkins Pipeline: Shared Groovy Libraries Plugin,4.3,MEDIUM,0.0017800000496208668,false,,false,false,false,,,false,false,,2019-07-31T12:45:21.000Z,0
CVE-2019-1003041,https://securityvulnerability.io/vulnerability/CVE-2019-1003041,,A sandbox bypass vulnerability in Jenkins Pipeline: Groovy Plugin 2.64 and earlier allows attackers to invoke arbitrary constructors in sandboxed scripts.,Jenkins,Jenkins Pipeline: Groovy Plugin,9.8,CRITICAL,0.009220000356435776,false,,false,false,false,,,false,false,,2019-03-28T17:59:29.000Z,0
CVE-2019-1003033,https://securityvulnerability.io/vulnerability/CVE-2019-1003033,,"A sandbox bypass vulnerability exists in Jenkins Groovy Plugin 2.1 and earlier in pom.xml, src/main/java/hudson/plugins/groovy/StringScriptSource.java that allows attackers with Overall/Read permission to execute arbitrary code on the Jenkins master JVM.",Jenkins,Jenkins Groovy Plugin,8.8,HIGH,0.001829999964684248,false,,false,false,false,,,false,false,,2019-03-08T21:00:00.000Z,0
CVE-2019-1003030,https://securityvulnerability.io/vulnerability/CVE-2019-1003030,,"A sandbox bypass vulnerability exists in Jenkins Pipeline: Groovy Plugin 2.63 and earlier in pom.xml, src/main/java/org/jenkinsci/plugins/workflow/cps/CpsGroovyShell.java that allows attackers able to control pipeline scripts to execute arbitrary code on the Jenkins master JVM.",Jenkins,Jenkins Pipeline: Groovy Plugin,9.9,CRITICAL,0.31661999225616455,true,2022-03-25T00:00:00.000Z,false,false,true,2022-03-25T00:00:00.000Z,,false,false,,2019-03-08T21:00:00.000Z,0
CVE-2019-1003006,https://securityvulnerability.io/vulnerability/CVE-2019-1003006,,A sandbox bypass vulnerability exists in Jenkins Groovy Plugin 2.0 and earlier in src/main/java/hudson/plugins/groovy/StringScriptSource.java that allows attackers with Overall/Read permission to provide a Groovy script to an HTTP endpoint that can result in arbitrary code execution on the Jenkins master JVM.,Jenkins,Jenkins Groovy Plugin,8.8,HIGH,0.0010499999625608325,false,,false,false,false,,,false,false,,2019-02-06T16:29:00.000Z,0