Vulnerabilities > Jenkins > Critical

DATE CVE VULNERABILITY TITLE RISK
2022-10-19 CVE-2022-43401 Unspecified vulnerability in Jenkins Script Security
A sandbox bypass vulnerability involving various casts performed implicitly by the Groovy language runtime in Jenkins Script Security Plugin 1183.v774b_0b_0a_a_451 and earlier allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM.
network
low complexity
jenkins
critical
9.9
2022-10-19 CVE-2022-43402 Unspecified vulnerability in Jenkins Pipeline: Groovy
A sandbox bypass vulnerability involving various casts performed implicitly by the Groovy language runtime in Jenkins Pipeline: Groovy Plugin 2802.v5ea_628154b_c2 and earlier allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM.
network
low complexity
jenkins
critical
9.9
2022-10-19 CVE-2022-43403 Unspecified vulnerability in Jenkins Script Security
A sandbox bypass vulnerability involving casting an array-like value to an array type in Jenkins Script Security Plugin 1183.v774b_0b_0a_a_451 and earlier allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM.
network
low complexity
jenkins
critical
9.9
2022-10-19 CVE-2022-43404 Unspecified vulnerability in Jenkins Script Security
A sandbox bypass vulnerability involving crafted constructor bodies and calls to sandbox-generated synthetic constructors in Jenkins Script Security Plugin 1183.v774b_0b_0a_a_451 and earlier allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM.
network
low complexity
jenkins
critical
9.9
2022-10-19 CVE-2022-43405 Unspecified vulnerability in Jenkins Groovy Libraries
A sandbox bypass vulnerability in Jenkins Pipeline: Groovy Libraries Plugin 612.v84da_9c54906d and earlier allows attackers with permission to define untrusted Pipeline libraries and to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM.
network
low complexity
jenkins
critical
9.9
2022-10-19 CVE-2022-43406 Unspecified vulnerability in Jenkins Groovy Libraries
A sandbox bypass vulnerability in Jenkins Pipeline: Deprecated Groovy Libraries Plugin 583.vf3b_454e43966 and earlier allows attackers with permission to define untrusted Pipeline libraries and to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM.
network
low complexity
jenkins
critical
9.9
2022-09-21 CVE-2022-41226 XXE vulnerability in Jenkins Compuware Common Configuration
Jenkins Compuware Common Configuration Plugin 1.0.14 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
network
low complexity
jenkins CWE-611
critical
9.8
2022-09-21 CVE-2022-41237 Unspecified vulnerability in Jenkins Dotci
Jenkins DotCi Plugin 2.40.00 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability.
network
low complexity
jenkins
critical
9.8
2022-09-21 CVE-2022-41238 Missing Authorization vulnerability in Jenkins Dotci
A missing permission check in Jenkins DotCi Plugin 2.40.00 and earlier allows unauthenticated attackers to trigger builds of jobs corresponding to the attacker-specified repository for attacker-specified commits.
network
low complexity
jenkins CWE-862
critical
9.8
2022-09-21 CVE-2022-41241 XXE vulnerability in Jenkins RQM
Jenkins RQM Plugin 2.8 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
network
low complexity
jenkins CWE-611
critical
9.1