Vulnerabilities > Jenkins > Script Security > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-01-22 | CVE-2019-1003000 | A sandbox bypass vulnerability exists in Script Security Plugin 1.49 and earlier in src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/GroovySandbox.java that allows attackers with the ability to provide sandboxed scripts to execute arbitrary code on the Jenkins master JVM. | 8.8 |
2017-02-09 | CVE-2016-3102 | 7PK - Security Features vulnerability in Jenkins Script Security The Script Security plugin before 1.18.1 in Jenkins might allow remote attackers to bypass a Groovy sandbox protection mechanism via a plugin that performs (1) direct field access or (2) get/set array operations. | 7.5 |