Showing 1 - 3 of 3

CVE-2022-43402

Status Candidate

Overview

A sandbox bypass vulnerability involving various casts performed implicitly by the Groovy language runtime in Jenkins Pipeline: Groovy Plugin 2802.v5ea_628154b_c2 and earlier allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM.

Related Files

Red Hat Security Advisory 2023-3198-01: Posted May 18, 2023; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2023-3198-01 - Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron. Issues addressed include bypass, code execution, cross site request forgery, cross site scripting, denial of service, deserialization, information leakage, and insecure permissions vulnerabilities.; tags | advisory, denial of service, vulnerability, code execution, xss, csrf; systems | linux, redhat; advisories | CVE-2021-26291, CVE-2022-1471, CVE-2022-25857, CVE-2022-29599, CVE-2022-30953, CVE-2022-30954, CVE-2022-42889, CVE-2022-43401, CVE-2022-43402, CVE-2022-43403, CVE-2022-43404, CVE-2022-43405, CVE-2022-43406, CVE-2022-43407; SHA-256 | 90baa6d6f8737bc29288b3b786655a657c5e97ed240d5aeb004a1660ffaa76c6; Download | Favorite | View

Red Hat Security Advisory 2023-1064-01: Posted Mar 6, 2023; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2023-1064-01 - Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron. Issues addressed include bypass, cross site request forgery, cross site scripting, and deserialization vulnerabilities.; tags | advisory, vulnerability, xss, csrf; systems | linux, redhat; advisories | CVE-2022-29047, CVE-2022-30952, CVE-2022-42003, CVE-2022-42004, CVE-2022-43401, CVE-2022-43402, CVE-2022-43403, CVE-2022-43404, CVE-2022-43405, CVE-2022-43406, CVE-2022-43407, CVE-2022-43408, CVE-2022-43409, CVE-2022-43410; SHA-256 | 914201513c49c4a46c9069d550e5e5e2e0d399b05ba7a90a95a69e7651a59611; Download | Favorite | View

Red Hat Security Advisory 2023-0560-01: Posted Feb 9, 2023; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2023-0560-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. Issues addressed include bypass, cross site request forgery, cross site scripting, denial of service, deserialization, and improper authorization vulnerabilities.; tags | advisory, denial of service, vulnerability, xss, csrf; systems | linux, redhat; advisories | CVE-2020-7692, CVE-2022-25857, CVE-2022-30946, CVE-2022-30952, CVE-2022-30953, CVE-2022-30954, CVE-2022-36882, CVE-2022-36883, CVE-2022-36884, CVE-2022-36885, CVE-2022-43401, CVE-2022-43402, CVE-2022-43403, CVE-2022-43404; SHA-256 | 87d74e099c44a8fba916939b5b695bf11f9ee4557c7c18075edde2249576eb5c; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 202 files
Ubuntu 76 files
Debian 24 files
Ahmet Umit Bayram 6 files
Gentoo 5 files
Amit Roy 4 files
ron190 4 files
Furkan Eren Tetik 4 files
Google Security Research 3 files
Jann Horn 3 files

File Archives

Systems

AIX (429)
Apple (2,089)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,072)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,505)
HPUX (880)
iOS (376)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (50,147)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (16,149)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,606)
UNIX (9,422)
UnixWare (187)
Windows (6,665)
Other

CVE-2022-43402

Overview

Related Files

File Archive:

June 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems