Vulnerabilities > Jenkins > Critical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-10-01 | CVE-2019-10431 | Code Injection vulnerability in Jenkins Script Security A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.64 and earlier related to the handling of default parameter expressions in constructors allowed attackers to execute arbitrary code in sandboxed scripts. | 9.9 |
2019-09-25 | CVE-2019-10418 | Unspecified vulnerability in Jenkins Kubernetes Pipeline 1.3/1.5/1.6 Jenkins Kubernetes :: Pipeline :: Arquillian Steps Plugin provides a custom whitelist for script security that allowed attackers to invoke arbitrary methods, bypassing typical sandbox protection. | 9.9 |
2019-09-25 | CVE-2019-10417 | Unspecified vulnerability in Jenkins Kubernetes Pipeline 1.3/1.5/1.6 Jenkins Kubernetes :: Pipeline :: Kubernetes Steps Plugin provides a custom whitelist for script security that allowed attackers to invoke arbitrary methods, bypassing typical sandbox protection. | 9.9 |
2019-05-31 | CVE-2019-10328 | Protection Mechanism Failure vulnerability in Jenkins Pipeline Remote Loader Jenkins Pipeline Remote Loader Plugin 1.4 and earlier provided a custom whitelist for script security that allowed attackers to invoke arbitrary methods, bypassing typical sandbox protection. | 9.9 |
2019-04-30 | CVE-2019-10309 | XXE vulnerability in Jenkins Self-Organizing Swarm Modules Jenkins Self-Organizing Swarm Plug-in Modules Plugin clients that use UDP broadcasts to discover Jenkins masters do not prevent XML External Entity processing when processing the responses, allowing unauthorized attackers on the same network to read arbitrary files from Swarm clients. | 9.3 |
2019-04-18 | CVE-2019-10306 | Unspecified vulnerability in Jenkins Ontrack A sandbox bypass vulnerability in Jenkins ontrack Plugin 3.4 and earlier allowed attackers with control over ontrack DSL definitions to execute arbitrary code on the Jenkins master JVM. | 9.9 |
2019-03-28 | CVE-2019-1003041 | Unsafe Reflection vulnerability in multiple products A sandbox bypass vulnerability in Jenkins Pipeline: Groovy Plugin 2.64 and earlier allows attackers to invoke arbitrary constructors in sandboxed scripts. | 9.8 |
2019-03-28 | CVE-2019-1003040 | Unsafe Reflection vulnerability in multiple products A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.55 and earlier allows attackers to invoke arbitrary constructors in sandboxed scripts. | 9.8 |
2019-03-08 | CVE-2019-1003034 | A sandbox bypass vulnerability exists in Jenkins Job DSL Plugin 1.71 and earlier in job-dsl-core/src/main/groovy/javaposse/jobdsl/dsl/AbstractDslScriptLoader.groovy, job-dsl-plugin/build.gradle, job-dsl-plugin/src/main/groovy/javaposse/jobdsl/plugin/JobDslWhitelist.groovy, job-dsl-plugin/src/main/groovy/javaposse/jobdsl/plugin/SandboxDslScriptLoader.groovy that allows attackers with control over Job DSL definitions to execute arbitrary code on the Jenkins master JVM. | 9.9 |
2019-03-08 | CVE-2019-1003032 | Unspecified vulnerability in Jenkins Email Extension A sandbox bypass vulnerability exists in Jenkins Email Extension Plugin 2.64 and earlier in pom.xml, src/main/java/hudson/plugins/emailext/ExtendedEmailPublisher.java, src/main/java/hudson/plugins/emailext/plugins/content/EmailExtScript.java, src/main/java/hudson/plugins/emailext/plugins/content/ScriptContent.java, src/main/java/hudson/plugins/emailext/plugins/trigger/AbstractScriptTrigger.java that allows attackers with Job/Configure permission to execute arbitrary code on the Jenkins master JVM. | 9.9 |