cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-34145,https://securityvulnerability.io/vulnerability/CVE-2024-34145,Sandbox Bypass Vulnerability in Jenkins Script Security Plugin Allows Arbitrary Code Execution,"A sandbox bypass vulnerability involving sandbox-defined classes that shadow specific non-sandbox-defined classes in Jenkins Script Security Plugin 1335.vf07d9ce377a_e and earlier allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM.",Jenkins,Jenkins Script Security Plugin,,,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-05-02T13:28:03.965Z,0
CVE-2024-34144,https://securityvulnerability.io/vulnerability/CVE-2024-34144,Sandbox Bypass Vulnerability in Jenkins Script Security Plugin Allows Arbitrary Code Execution,"A sandbox bypass vulnerability involving crafted constructor bodies in Jenkins Script Security Plugin 1335.vf07d9ce377a_e and earlier allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM.",Jenkins,Jenkins Script Security Plugin,,,0.0004299999854993075,false,,false,false,true,2024-07-29T12:02:39.000Z,true,false,false,,2024-05-02T13:28:03.226Z,0
CVE-2023-24422,https://securityvulnerability.io/vulnerability/CVE-2023-24422,Sandbox Bypass Vulnerability in Jenkins Script Security Plugin,"A significant vulnerability affects the Jenkins Script Security Plugin, enabling attackers with the right permissions to circumvent sandbox limitations. Through the manipulation of map constructors, they can execute arbitrary code within the Jenkins controller JVM. This presents a serious threat to the integrity and security of the Jenkins installation, potentially compromising sensitive data and workflows. It is essential for users to implement available safeguards and updates to protect against this exploit.",Jenkins,Jenkins Script Security Plugin,8.8,HIGH,0.0004400000034365803,false,,false,false,false,,,false,false,,2023-01-26T21:18:00.000Z,0
CVE-2022-45379,https://securityvulnerability.io/vulnerability/CVE-2022-45379,Script Security Vulnerability in Jenkins Plugin by Jenkins,"The Jenkins Script Security Plugin prior to version 1189.vb_a_b_7c8fd5fde is susceptible to security risks due to the storage method of script approvals. It utilizes the SHA-1 hash of the whole-script approvals, which opens the door to potential collision attacks, enabling malicious actors to craft scripts capable of bypassing security measures. Organizations using this plugin should ensure they update to the latest version to mitigate these vulnerabilities.",Jenkins,Jenkins Script Security Plugin,7.5,HIGH,0.0015800000401213765,false,,false,false,false,,,false,false,,2022-11-15T00:00:00.000Z,0
CVE-2022-43404,https://securityvulnerability.io/vulnerability/CVE-2022-43404,Sandbox Bypass Vulnerability in Jenkins Script Security Plugin,"A sandbox bypass vulnerability has been discovered in the Jenkins Script Security Plugin, enabling malicious users with the right permissions to execute arbitrary code. This flaw allows crafted constructor bodies and calls to sandbox-generated synthetic constructors to bypass security restrictions, ultimately compromising the integrity of the Jenkins controller JVM. Users are encouraged to update to the latest versions to mitigate potential risks associated with this vulnerability.",Jenkins,Jenkins Script Security Plugin,9.9,CRITICAL,0.001120000029914081,false,,false,false,false,,,false,false,,2022-10-19T00:00:00.000Z,0
CVE-2022-43403,https://securityvulnerability.io/vulnerability/CVE-2022-43403,Sandbox Bypass Vulnerability in Jenkins Script Security Plugin,"A vulnerability exists in the Jenkins Script Security Plugin that allows attackers with sufficient permissions to exploit a flaw in the sandbox mechanism. By casting an array-like value to an array type, an attacker can bypass the sandbox security and execute arbitrary code within the Jenkins controller's Java Virtual Machine (JVM). This poses significant security risks for environments relying on Jenkins for CI/CD operations, potentially leading to unauthorized access and control over the system.",Jenkins,Jenkins Script Security Plugin,9.9,CRITICAL,0.0028200000524520874,false,,false,false,false,,,false,false,,2022-10-19T00:00:00.000Z,0
CVE-2022-43401,https://securityvulnerability.io/vulnerability/CVE-2022-43401,Jenkins Script Security Plugin Sandbox Bypass Vulnerability,"A security flaw in the Jenkins Script Security Plugin allows attackers with the necessary permissions to run sandboxed scripts, including Pipelines, to circumvent the expected sandbox protections. This vulnerability exploits implicit type casting in the Groovy language runtime, potentially leading to the execution of arbitrary code within the Jenkins controller JVM, posing significant security risks to affected systems.",Jenkins,Jenkins Script Security Plugin,9.9,CRITICAL,0.0012400000123307109,false,,false,false,false,,,false,false,,2022-10-19T00:00:00.000Z,0
CVE-2022-30946,https://securityvulnerability.io/vulnerability/CVE-2022-30946,Cross-Site Request Forgery Vulnerability in Jenkins Script Security Plugin by Jenkins,"A cross-site request forgery vulnerability exists in the Jenkins Script Security Plugin, allowing attackers to manipulate the server into sending unauthorized HTTP requests to a web server of their choice. This could lead to unauthorized actions being performed within the Jenkins environment, potentially compromising the integrity and confidentiality of the impacted systems. It is crucial for users of the affected versions to apply the necessary security updates to mitigate this risk.",Jenkins,Jenkins Script Security Plugin,4.3,MEDIUM,0.00107999995816499,false,,false,false,false,,,false,false,,2022-05-17T14:05:52.000Z,0
CVE-2020-2279,https://securityvulnerability.io/vulnerability/CVE-2020-2279,,A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.74 and earlier allows attackers with permission to define sandboxed scripts to provide crafted return values or script binding content that can result in arbitrary code execution on the Jenkins controller JVM.,Jenkins,Jenkins Script Security Plugin,9.9,CRITICAL,0.0012400000123307109,false,,false,false,false,,,false,false,,2020-09-23T13:10:17.000Z,0
CVE-2020-2190,https://securityvulnerability.io/vulnerability/CVE-2020-2190,,"Jenkins Script Security Plugin 1.72 and earlier does not correctly escape pending or approved classpath entries on the In-process Script Approval page, resulting in a stored cross-site scripting vulnerability.",Jenkins,Jenkins Script Security Plugin,5.4,MEDIUM,0.0005000000237487257,false,,false,false,false,,,false,false,,2020-06-03T12:40:23.000Z,0
CVE-2020-2135,https://securityvulnerability.io/vulnerability/CVE-2020-2135,,Sandbox protection in Jenkins Script Security Plugin 1.70 and earlier could be circumvented through crafted method calls on objects that implement GroovyInterceptable.,Jenkins,Jenkins Script Security Plugin,8.8,HIGH,0.0010400000028312206,false,,false,false,false,,,false,false,,2020-03-09T15:00:56.000Z,0
CVE-2020-2134,https://securityvulnerability.io/vulnerability/CVE-2020-2134,,Sandbox protection in Jenkins Script Security Plugin 1.70 and earlier could be circumvented through crafted constructor calls and crafted constructor bodies.,Jenkins,Jenkins Script Security Plugin,8.8,HIGH,0.0010400000028312206,false,,false,false,false,,,false,false,,2020-03-09T15:00:56.000Z,0
CVE-2020-2110,https://securityvulnerability.io/vulnerability/CVE-2020-2110,,Sandbox protection in Jenkins Script Security Plugin 1.69 and earlier could be circumvented during the script compilation phase by applying AST transforming annotations to imports or by using them inside of other annotations.,Jenkins,Jenkins Script Security Plugin,8.8,HIGH,0.0008999999845400453,false,,false,false,false,,,false,false,,2020-02-12T14:35:40.000Z,0
CVE-2019-16538,https://securityvulnerability.io/vulnerability/CVE-2019-16538,,A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.67 and earlier related to the handling of default parameter expressions in closures allowed attackers to execute arbitrary code in sandboxed scripts.,Jenkins,Jenkins Script Security Plugin,8.8,HIGH,0.001120000029914081,false,,false,false,false,,,false,false,,2019-11-21T14:11:20.000Z,0
CVE-2019-10431,https://securityvulnerability.io/vulnerability/CVE-2019-10431,,A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.64 and earlier related to the handling of default parameter expressions in constructors allowed attackers to execute arbitrary code in sandboxed scripts.,Jenkins,Jenkins Script Security Plugin,9.9,CRITICAL,0.001970000099390745,false,,false,false,false,,,false,false,,2019-10-01T13:45:19.000Z,0
CVE-2019-10399,https://securityvulnerability.io/vulnerability/CVE-2019-10399,,A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.62 and earlier related to the handling of property names in property expressions in increment and decrement expressions allowed attackers to execute arbitrary code in sandboxed scripts.,Jenkins,Jenkins Script Security Plugin,4.2,MEDIUM,0.0005699999746866524,false,,false,false,false,,,false,false,,2019-09-12T13:55:15.000Z,0
CVE-2019-10393,https://securityvulnerability.io/vulnerability/CVE-2019-10393,,A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.62 and earlier related to the handling of method names in method call expressions allowed attackers to execute arbitrary code in sandboxed scripts.,Jenkins,Jenkins Script Security Plugin,4.2,MEDIUM,0.0005699999746866524,false,,false,false,false,,,false,false,,2019-09-12T13:55:15.000Z,0
CVE-2019-10394,https://securityvulnerability.io/vulnerability/CVE-2019-10394,,A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.62 and earlier related to the handling of property names in property expressions on the left-hand side of assignment expressions allowed attackers to execute arbitrary code in sandboxed scripts.,Jenkins,Jenkins Script Security Plugin,4.2,MEDIUM,0.0005699999746866524,false,,false,false,false,,,false,false,,2019-09-12T13:55:15.000Z,0
CVE-2019-10400,https://securityvulnerability.io/vulnerability/CVE-2019-10400,,A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.62 and earlier related to the handling of subexpressions in increment and decrement expressions not involving actual assignment allowed attackers to execute arbitrary code in sandboxed scripts.,Jenkins,Jenkins Script Security Plugin,4.2,MEDIUM,0.0005699999746866524,false,,false,false,false,,,false,false,,2019-09-12T13:55:15.000Z,0
CVE-2019-10355,https://securityvulnerability.io/vulnerability/CVE-2019-10355,,A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.61 and earlier related to the handling of type casts allowed attackers to execute arbitrary code in sandboxed scripts.,Jenkins,Jenkins Script Security Plugin,8.8,HIGH,0.0034199999645352364,false,,false,false,false,,,false,false,,2019-07-31T12:45:21.000Z,0
CVE-2019-10356,https://securityvulnerability.io/vulnerability/CVE-2019-10356,,A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.61 and earlier related to the handling of method pointer expressions allowed attackers to execute arbitrary code in sandboxed scripts.,Jenkins,Jenkins Script Security Plugin,8.8,HIGH,0.003329999977722764,false,,false,false,false,,,false,false,,2019-07-31T12:45:21.000Z,0
CVE-2019-1003040,https://securityvulnerability.io/vulnerability/CVE-2019-1003040,,A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.55 and earlier allows attackers to invoke arbitrary constructors in sandboxed scripts.,Jenkins,Jenkins Script Security Plugin,9.8,CRITICAL,0.009220000356435776,false,,false,false,false,,,false,false,,2019-03-28T17:59:29.000Z,0
CVE-2019-1003029,https://securityvulnerability.io/vulnerability/CVE-2019-1003029,,"A sandbox bypass vulnerability exists in Jenkins Script Security Plugin 1.53 and earlier in src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/GroovySandbox.java, src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/SecureGroovyScript.java that allows attackers with Overall/Read permission to execute arbitrary code on the Jenkins master JVM.",Jenkins,Jenkins Script Security Plugin,9.9,CRITICAL,0.0195700004696846,true,2022-04-25T00:00:00.000Z,false,false,true,2022-04-25T00:00:00.000Z,,false,false,,2019-03-08T21:00:00.000Z,0
CVE-2019-1003024,https://securityvulnerability.io/vulnerability/CVE-2019-1003024,,A sandbox bypass vulnerability exists in Jenkins Script Security Plugin 1.52 and earlier in RejectASTTransformsCustomizer.java that allows attackers with Overall/Read permission to provide a Groovy script to an HTTP endpoint that can result in arbitrary code execution on the Jenkins master JVM.,Jenkins,Jenkins Script Security Plugin,8.8,HIGH,0.004989999812096357,false,,false,false,false,,,false,false,,2019-02-20T21:00:00.000Z,0
CVE-2019-1003005,https://securityvulnerability.io/vulnerability/CVE-2019-1003005,,A sandbox bypass vulnerability exists in Jenkins Script Security Plugin 1.50 and earlier in src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/SecureGroovyScript.java that allows attackers with Overall/Read permission to provide a Groovy script to an HTTP endpoint that can result in arbitrary code execution on the Jenkins master JVM.,Jenkins,Jenkins Script Security Plugin,8.8,HIGH,0.004410000052303076,false,,false,false,false,,,false,false,,2019-02-06T16:00:00.000Z,0