Jenkins: >> Script Security >> 1.53 Security Vulnerabilities
A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.61 and earlier related to the handling of type casts allowed attackers to execute arbitrary code in sandboxed scripts.
CVSS Score
8.8
EPSS Score
0.0
Published
2019-07-31
A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.61 and earlier related to the handling of method pointer expressions allowed attackers to execute arbitrary code in sandboxed scripts.
CVSS Score
8.8
EPSS Score
0.0
Published
2019-07-31
A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.55 and earlier allows attackers to invoke arbitrary constructors in sandboxed scripts.
CVSS Score
9.8
EPSS Score
0.023
Published
2019-03-28
CVE-2019-1003029
A sandbox bypass vulnerability exists in Jenkins Script Security Plugin 1.53 and earlier in src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/GroovySandbox.java, src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/SecureGroovyScript.java that allows attackers with Overall/Read permission to execute arbitrary code on the Jenkins master JVM.
Known exploited
CVSS Score
9.9
EPSS Score
0.928
Published
2019-03-08
Page 3