Vulnerabilities > Jenkins > Critical

DATE CVE VULNERABILITY TITLE RISK
2019-10-01 CVE-2019-10431 Code Injection vulnerability in Jenkins Script Security
A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.64 and earlier related to the handling of default parameter expressions in constructors allowed attackers to execute arbitrary code in sandboxed scripts.
network
low complexity
jenkins CWE-94
critical
9.9
2019-09-25 CVE-2019-10418 Unspecified vulnerability in Jenkins Kubernetes Pipeline 1.3/1.5/1.6
Jenkins Kubernetes :: Pipeline :: Arquillian Steps Plugin provides a custom whitelist for script security that allowed attackers to invoke arbitrary methods, bypassing typical sandbox protection.
network
low complexity
jenkins
critical
9.9
2019-09-25 CVE-2019-10417 Unspecified vulnerability in Jenkins Kubernetes Pipeline 1.3/1.5/1.6
Jenkins Kubernetes :: Pipeline :: Kubernetes Steps Plugin provides a custom whitelist for script security that allowed attackers to invoke arbitrary methods, bypassing typical sandbox protection.
network
low complexity
jenkins
critical
9.9
2019-05-31 CVE-2019-10328 Protection Mechanism Failure vulnerability in Jenkins Pipeline Remote Loader
Jenkins Pipeline Remote Loader Plugin 1.4 and earlier provided a custom whitelist for script security that allowed attackers to invoke arbitrary methods, bypassing typical sandbox protection.
network
low complexity
jenkins CWE-693
critical
9.9
2019-04-30 CVE-2019-10309 XXE vulnerability in Jenkins Self-Organizing Swarm Modules
Jenkins Self-Organizing Swarm Plug-in Modules Plugin clients that use UDP broadcasts to discover Jenkins masters do not prevent XML External Entity processing when processing the responses, allowing unauthorized attackers on the same network to read arbitrary files from Swarm clients.
low complexity
jenkins CWE-611
critical
9.3
2019-04-18 CVE-2019-10306 Unspecified vulnerability in Jenkins Ontrack
A sandbox bypass vulnerability in Jenkins ontrack Plugin 3.4 and earlier allowed attackers with control over ontrack DSL definitions to execute arbitrary code on the Jenkins master JVM.
network
low complexity
jenkins
critical
9.9
2019-03-28 CVE-2019-1003041 Unsafe Reflection vulnerability in multiple products
A sandbox bypass vulnerability in Jenkins Pipeline: Groovy Plugin 2.64 and earlier allows attackers to invoke arbitrary constructors in sandboxed scripts.
network
low complexity
jenkins redhat CWE-470
critical
9.8
2019-03-28 CVE-2019-1003040 Unsafe Reflection vulnerability in multiple products
A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.55 and earlier allows attackers to invoke arbitrary constructors in sandboxed scripts.
network
low complexity
jenkins redhat CWE-470
critical
9.8
2019-03-08 CVE-2019-1003034 A sandbox bypass vulnerability exists in Jenkins Job DSL Plugin 1.71 and earlier in job-dsl-core/src/main/groovy/javaposse/jobdsl/dsl/AbstractDslScriptLoader.groovy, job-dsl-plugin/build.gradle, job-dsl-plugin/src/main/groovy/javaposse/jobdsl/plugin/JobDslWhitelist.groovy, job-dsl-plugin/src/main/groovy/javaposse/jobdsl/plugin/SandboxDslScriptLoader.groovy that allows attackers with control over Job DSL definitions to execute arbitrary code on the Jenkins master JVM.
network
low complexity
jenkins redhat
critical
9.9
2019-03-08 CVE-2019-1003032 Unspecified vulnerability in Jenkins Email Extension
A sandbox bypass vulnerability exists in Jenkins Email Extension Plugin 2.64 and earlier in pom.xml, src/main/java/hudson/plugins/emailext/ExtendedEmailPublisher.java, src/main/java/hudson/plugins/emailext/plugins/content/EmailExtScript.java, src/main/java/hudson/plugins/emailext/plugins/content/ScriptContent.java, src/main/java/hudson/plugins/emailext/plugins/trigger/AbstractScriptTrigger.java that allows attackers with Job/Configure permission to execute arbitrary code on the Jenkins master JVM.
network
low complexity
jenkins
critical
9.9