Jenkins: >> Script Security >> 1.70 Security Vulnerabilities
Jenkins Script Security Plugin 1.72 and earlier does not correctly escape pending or approved classpath entries on the In-process Script Approval page, resulting in a stored cross-site scripting vulnerability.
CVSS Score
5.4
EPSS Score
0.001
Published
2020-06-03
Sandbox protection in Jenkins Script Security Plugin 1.70 and earlier could be circumvented through crafted constructor calls and crafted constructor bodies.
CVSS Score
8.8
EPSS Score
0.002
Published
2020-03-09
Sandbox protection in Jenkins Script Security Plugin 1.70 and earlier could be circumvented through crafted method calls on objects that implement GroovyInterceptable.
CVSS Score
8.8
EPSS Score
0.002
Published
2020-03-09
Page 2