
Jenkins Script Security Plugin

33 known vulnerabilities across versions
Vulnerabilities are listed newest first by CVE, each with the affected version range and CVSS base score.
CVE-2026-42519 | affected: <= 1399.ve6a_66547f6e1 | CVSS 4.3 (Medium)
A missing permission check in Jenkins Script Security Plugin 1399.ve6a_66547f6e1 and earlier allows attackers with Overall/Read pe

CVE-2024-52549 | affected: <= 1367.vdf2fc45f229c, except 1365.1367.va_3b_b_89f8a_95b_ and 1362.1364.v4cf2dc5d8776 | CVSS 4.3 (Medium)
Jenkins Script Security Plugin 1367.vdf2fc45f229c and earlier, except 1365.1367.va_3b_b_89f8a_95b_ and 1362.1364.v4cf2dc5d8776, do

CVE-2024-34145 | affected: <= 1335.vf07d9ce377a_e | CVSS 8.8 (High)
A sandbox bypass vulnerability involving sandbox-defined classes that shadow specific non-sandbox-defined classes in Jenkins Scrip

CVE-2024-34144 | affected: <= 1335.vf07d9ce377a_e | CVSS 9.8 (Critical)
A sandbox bypass vulnerability involving crafted constructor bodies in Jenkins Script Security Plugin 1335.vf07d9ce377a_e and earl

CVE-2023-24422 | affected: < 1229.v4880b_b_e905a_6 | CVSS 8.8 (High)
A sandbox bypass vulnerability involving map constructors in Jenkins Script Security Plugin 1228.vd93135a_2fb_25 and earlier allow

CVE-2022-45379 | affected: < 1190.v65867a_a_47126 | CVSS 7.5 (High)
Jenkins Script Security Plugin 1189.vb_a_b_7c8fd5fde and earlier stores whole-script approvals as the SHA-1 hash of the script, ma

CVE-2022-43404 | affected: <= 1183.v774b_0b_0a_a_451 | CVSS 9.9 (Critical)
A sandbox bypass vulnerability involving crafted constructor bodies and calls to sandbox-generated synthetic constructors in Jenki

CVE-2022-43403 | affected: <= 1183.v774b_0b_0a_a_451 | CVSS 9.9 (Critical)
A sandbox bypass vulnerability involving casting an array-like value to an array type in Jenkins Script Security Plugin 1183.v774b

CVE-2022-43401 | affected: <= 1183.v774b_0b_0a_a_451 | CVSS 9.9 (Critical)
A sandbox bypass vulnerability involving various casts performed implicitly by the Groovy language runtime in Jenkins Script Secur

CVE-2022-30946 | affected: < 1172.v35f6a_0b_8207e | CVSS 4.3 (Medium)
A cross-site request forgery (CSRF) vulnerability in Jenkins Script Security Plugin 1158.v7c1b_73a_69a_08 and earlier allows attac

CVE-2020-2279 | affected: <= 1.74 | CVSS 9.9 (Critical)
A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.74 and earlier allows attackers with permission to define sandb

CVE-2020-2190 | affected: <= 1.72 | CVSS 5.4 (Medium)
Jenkins Script Security Plugin 1.72 and earlier does not correctly escape pending or approved classpath entries on the In-process

CVE-2020-2135 | affected: <= 1.70 | CVSS 8.8 (High)
Sandbox protection in Jenkins Script Security Plugin 1.70 and earlier could be circumvented through crafted method calls on object

CVE-2020-2134 | affected: <= 1.70 | CVSS 8.8 (High)
Sandbox protection in Jenkins Script Security Plugin 1.70 and earlier could be circumvented through crafted constructor calls and

CVE-2020-2110 | affected: <= 1.69 | CVSS 8.8 (High)
Sandbox protection in Jenkins Script Security Plugin 1.69 and earlier could be circumvented during the script compilation phase by

CVE-2019-16538 | affected: <= 1.67 | CVSS 8.8 (High)
A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.67 and earlier related to the handling of default parameter exp

CVE-2019-10431 | affected: <= 1.64 | CVSS 9.9 (Critical)
A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.64 and earlier related to the handling of default parameter exp

CVE-2019-10400 | affected: <= 1.62 | CVSS 4.2 (Medium)
A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.62 and earlier related to the handling of subexpressions in inc

CVE-2019-10399 | affected: <= 1.62 | CVSS 4.2 (Medium)
A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.62 and earlier related to the handling of property names in pro

CVE-2019-10394 | affected: <= 1.62 | CVSS 4.2 (Medium)
A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.62 and earlier related to the handling of property names in pro

CVE-2019-10393 | affected: <= 1.62 | CVSS 4.2 (Medium)
A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.62 and earlier related to the handling of method names in metho

CVE-2019-10356 | affected: <= 1.61 | CVSS 8.8 (High)
A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.61 and earlier related to the handling of method pointer expres

CVE-2019-10355 | affected: <= 1.61 | CVSS 8.8 (High)
A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.61 and earlier related to the handling of type casts allowed at

CVE-2019-1003040 | affected: <= 1.55 | CVSS 9.8 (Critical)
A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.55 and earlier allows attackers to invoke arbitrary constructor

CVE-2019-1003029 | affected: <= 1.53 | CVSS 9.9 (Critical)
A sandbox bypass vulnerability exists in Jenkins Script Security Plugin 1.53 and earlier in src/main/java/org/jenkinsci/plugins/sc

CVE-2019-1003024 | affected: <= 1.52 | CVSS 8.8 (High)
A sandbox bypass vulnerability exists in Jenkins Script Security Plugin 1.52 and earlier in RejectASTTransformsCustomizer.java tha

CVE-2019-1003005 | affected: <= 1.50 | CVSS 8.8 (High)
A sandbox bypass vulnerability exists in Jenkins Script Security Plugin 1.50 and earlier in src/main/java/org/jenkinsci/plugins/sc

CVE-2019-1003000 | affected: <= 1.49 | CVSS 8.8 (High)
A sandbox bypass vulnerability exists in Script Security Plugin 1.49 and earlier in src/main/java/org/jenkinsci/plugins/scriptsecu

CVE-2018-1000865 | affected: <= 1.47 | CVSS 8.8 (High)
A sandbox bypass vulnerability exists in Script Security Plugin 1.47 and earlier in groovy-sandbox/src/main/java/org/kohsuke/groov

CVE-2017-1000505 | affected: <= 1.36 | CVSS 6.5 (Medium)
In Jenkins Script Security Plugin version 1.36 and earlier, users with the ability to configure sandboxed Groovy scripts are able

CVE-2017-1000107 | affected: all versions (no upper bound recorded) | CVSS 8.8 (High)
Script Security Plugin did not apply sandboxing restrictions to constructor invocations via positional arguments list, super const

CVE-2017-1000095 | affected: all versions (no upper bound recorded) | CVSS 6.5 (Medium)
The default whitelist included the following unsafe entries: DefaultGroovyMethods.putAt(Object, String, Object); DefaultGroovyMeth

CVE-2016-3102 | affected: < 1.18.1 | CVSS 7.3 (High)
The Script Security plugin before 1.18.1 in Jenkins might allow remote attackers to bypass a Groovy sandbox protection mechanism v
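To turn the ranges above into a check that can be run against an installed plugin, the following Python is an added example; it is not code from the Jenkins project or from this page. It transcribes the affected ranges listed above (for CVE-2024-52549 the bound and its two backport exceptions are taken from the advisory text; CVE-2016-3102 uses the "before 1.18.1" bound from its description; the two 2017 entries that record no bound are reported separately instead of being guessed) and orders versions by their leading numeric segments, which is how both the legacy 1.x releases and the incremental NNNN.vHASH releases sort; the commit-hash suffix after "v" is ignored. The sample version in the usage block is one of the page's own backport releases.

```python
"""Check an installed Jenkins Script Security Plugin version against the
affected ranges listed on this page (added example; not Jenkins project code)."""
import sys

# Transcribed from the listing above: (CVE, operator, bound, exceptions).
# A None operator means the page records no version bound for that CVE.
AFFECTED = [
    ("CVE-2026-42519", "<=", "1399.ve6a_66547f6e1", ()),
    # Bound and backport exceptions taken from the advisory text for this CVE.
    ("CVE-2024-52549", "<=", "1367.vdf2fc45f229c",
     ("1365.1367.va_3b_b_89f8a_95b_", "1362.1364.v4cf2dc5d8776")),
    ("CVE-2024-34145", "<=", "1335.vf07d9ce377a_e", ()),
    ("CVE-2024-34144", "<=", "1335.vf07d9ce377a_e", ()),
    ("CVE-2023-24422", "<", "1229.v4880b_b_e905a_6", ()),
    ("CVE-2022-45379", "<", "1190.v65867a_a_47126", ()),
    ("CVE-2022-43404", "<=", "1183.v774b_0b_0a_a_451", ()),
    ("CVE-2022-43403", "<=", "1183.v774b_0b_0a_a_451", ()),
    ("CVE-2022-43401", "<=", "1183.v774b_0b_0a_a_451", ()),
    ("CVE-2022-30946", "<", "1172.v35f6a_0b_8207e", ()),
    ("CVE-2020-2279", "<=", "1.74", ()),
    ("CVE-2020-2190", "<=", "1.72", ()),
    ("CVE-2020-2135", "<=", "1.70", ()),
    ("CVE-2020-2134", "<=", "1.70", ()),
    ("CVE-2020-2110", "<=", "1.69", ()),
    ("CVE-2019-16538", "<=", "1.67", ()),
    ("CVE-2019-10431", "<=", "1.64", ()),
    ("CVE-2019-10400", "<=", "1.62", ()),
    ("CVE-2019-10399", "<=", "1.62", ()),
    ("CVE-2019-10394", "<=", "1.62", ()),
    ("CVE-2019-10393", "<=", "1.62", ()),
    ("CVE-2019-10356", "<=", "1.61", ()),
    ("CVE-2019-10355", "<=", "1.61", ()),
    ("CVE-2019-1003040", "<=", "1.55", ()),
    ("CVE-2019-1003029", "<=", "1.53", ()),
    ("CVE-2019-1003024", "<=", "1.52", ()),
    ("CVE-2019-1003005", "<=", "1.50", ()),
    ("CVE-2019-1003000", "<=", "1.49", ()),
    ("CVE-2018-1000865", "<=", "1.47", ()),
    ("CVE-2017-1000505", "<=", "1.36", ()),
    ("CVE-2017-1000107", None, None, ()),  # page: "all versions", no bound
    ("CVE-2017-1000095", None, None, ()),  # page: "all versions", no bound
    ("CVE-2016-3102", "<", "1.18.1", ()),  # "before 1.18.1" per its description
]


def version_key(version):
    """Ordering key for a Jenkins plugin version string.

    Legacy releases look like '1.74'; incremental releases look like
    '1335.vf07d9ce377a_e', backport lines like '1365.1367.va_3b_b_89f8a_95b_'.
    Only the leading numeric segments order a release; the 'v<hash>' suffix is
    a commit reference, so '1399' and '1399.ve6a_66547f6e1' compare equal.
    """
    key = []
    for segment in version.strip().split("."):
        if not segment.isdigit():
            break
        key.append(int(segment))
    if not key:
        raise ValueError(f"unrecognised Jenkins plugin version: {version!r}")
    return tuple(key)


def is_affected(version, op, bound, exceptions):
    """True/False against one range; None when the page gives no bound."""
    if op is None:
        return None
    if any(version_key(version) == version_key(e) for e in exceptions):
        return False  # a backport release that already carries the fix
    installed, limit = version_key(version), version_key(bound)
    return installed <= limit if op == "<=" else installed < limit


def check_version(version):
    """Return (CVEs whose range covers `version`, CVEs with no recorded range)."""
    affected, unknown = [], []
    for cve, op, bound, exceptions in AFFECTED:
        verdict = is_affected(version, op, bound, exceptions)
        if verdict is None:
            unknown.append(cve)
        elif verdict:
            affected.append(cve)
    return affected, unknown


if __name__ == "__main__":
    installed = sys.argv[1] if len(sys.argv) > 1 else "1362.1364.v4cf2dc5d8776"
    hits, unknown = check_version(installed)
    print(f"{installed}: {len(hits)} listed CVE(s) cover this version: {hits}")
    print(f"no version bound recorded on the page for: {unknown}")
```

Read the installed version from the Jenkins script console with `Jenkins.instance.pluginManager.getPlugin('script-security').version` and pass it as the argument. A backport release such as 1362.1364.v4cf2dc5d8776 sorts below 1367 and would be flagged for CVE-2024-52549 by a naive numeric comparison; the exception list is what keeps that from being a false positive. Treat a non-empty "no version bound recorded" list as a prompt to read those advisories, not as a clean result.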
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin