Vulnerabilities > Jenkins > Script Security

DATE CVE VULNERABILITY TITLE RISK
2020-02-12 CVE-2020-2110 Improper Input Validation vulnerability in Jenkins Script Security
Sandbox protection in Jenkins Script Security Plugin 1.69 and earlier could be circumvented during the script compilation phase by applying AST transforming annotations to imports or by using them inside of other annotations.
network
low complexity
jenkins CWE-20
8.8
2019-11-21 CVE-2019-16538 Incorrect Authorization vulnerability in Jenkins Script Security
A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.67 and earlier related to the handling of default parameter expressions in closures allowed attackers to execute arbitrary code in sandboxed scripts.
network
low complexity
jenkins CWE-863
8.8
2019-10-01 CVE-2019-10431 Code Injection vulnerability in Jenkins Script Security
A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.64 and earlier related to the handling of default parameter expressions in constructors allowed attackers to execute arbitrary code in sandboxed scripts.
network
low complexity
jenkins CWE-94
critical
9.9
2019-09-12 CVE-2019-10400 Unspecified vulnerability in Jenkins Script Security
A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.62 and earlier related to the handling of subexpressions in increment and decrement expressions not involving actual assignment allowed attackers to execute arbitrary code in sandboxed scripts.
network
high complexity
jenkins
4.2
2019-09-12 CVE-2019-10399 Unspecified vulnerability in Jenkins Script Security
A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.62 and earlier related to the handling of property names in property expressions in increment and decrement expressions allowed attackers to execute arbitrary code in sandboxed scripts.
network
high complexity
jenkins
4.2
2019-09-12 CVE-2019-10394 Unspecified vulnerability in Jenkins Script Security
A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.62 and earlier related to the handling of property names in property expressions on the left-hand side of assignment expressions allowed attackers to execute arbitrary code in sandboxed scripts.
network
high complexity
jenkins
4.2
2019-09-12 CVE-2019-10393 Unspecified vulnerability in Jenkins Script Security
A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.62 and earlier related to the handling of method names in method call expressions allowed attackers to execute arbitrary code in sandboxed scripts.
network
high complexity
jenkins
4.2
2019-07-31 CVE-2019-10356 A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.61 and earlier related to the handling of method pointer expressions allowed attackers to execute arbitrary code in sandboxed scripts.
network
low complexity
jenkins redhat
8.8
2019-07-31 CVE-2019-10355 Incorrect Type Conversion or Cast vulnerability in multiple products
A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.61 and earlier related to the handling of type casts allowed attackers to execute arbitrary code in sandboxed scripts.
network
low complexity
jenkins redhat CWE-704
8.8
2019-03-28 CVE-2019-1003040 Unsafe Reflection vulnerability in multiple products
A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.55 and earlier allows attackers to invoke arbitrary constructors in sandboxed scripts.
network
low complexity
jenkins redhat CWE-470
critical
9.8