Skip to main content
CVE-2019-1003005 HIGH POC PATCH THREAT Act Now

A sandbox bypass vulnerability exists in Jenkins Script Security Plugin 1.50 and earlier in src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/SecureGroovyScript.java that allows. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Java Jenkins RCE Script Security
NVD GitHub
CVSS 3.1
8.8
EPSS
19.0%
CVE-2019-7548 HIGH POC PATCH This Week

SQLAlchemy 1.2.17 has SQL Injection when the group_by parameter can be controlled. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

SQLi Sqlalchemy Debian Linux Backports Sle Leap +5
NVD GitHub
CVSS 3.1
7.8
EPSS
1.8%
CVE-2019-3823 HIGH POC PATCH This Week

libcurl versions from 7.34.0 to before 7.64.0 are vulnerable to a heap out-of-bounds read in the code handling the end-of-response for SMTP. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Libcurl Ubuntu Linux Debian Linux +4
NVD
CVSS 3.0
7.5
EPSS
4.3%
CVE-2019-1003016 HIGH PATCH This Week

An exposure of sensitive information vulnerability exists in Jenkins Job Import Plugin 2.1 and earlier in src/main/java/org/jenkins/ci/plugins/jobimport/JobImportAction.java,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Jenkins CSRF Job Import
NVD
CVSS 3.0
8.8
EPSS
1.0%
CVE-2019-1003008 HIGH This Week

A cross-site request forgery vulnerability exists in Jenkins Warnings Next Generation Plugin 2.1.1 and earlier in src/main/java/io/jenkins/plugins/analysis/warnings/groovy/GroovyParser.java that. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Jenkins RCE CSRF Warnings Next Generation
NVD
CVSS 3.0
8.8
EPSS
1.2%
CVE-2019-1003007 HIGH PATCH This Week

A cross-site request forgery vulnerability exists in Jenkins Warnings Plugin 5.0.0 and earlier in src/main/java/hudson/plugins/warnings/GroovyParser.java that allows attackers to execute arbitrary. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Jenkins RCE CSRF Warnings
NVD
CVSS 3.0
8.8
EPSS
1.2%
CVE-2019-1003006 HIGH PATCH This Week

A sandbox bypass vulnerability exists in Jenkins Groovy Plugin 2.0 and earlier in src/main/java/hudson/plugins/groovy/StringScriptSource.java that allows attackers with Overall/Read permission to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Java Jenkins RCE Groovy
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2019-1003011 HIGH PATCH This Week

An information exposure and denial of service vulnerability exists in Jenkins Token Macro Plugin 2.5 and earlier in src/main/java/org/jenkinsci/plugins/tokenmacro/Parser.java,. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Denial Of Service Jenkins Information Disclosure Token Macro +1
NVD
CVSS 3.1
8.1
EPSS
2.0%
CVE-2019-1003009 HIGH PATCH This Week

An improper certificate validation vulnerability exists in Jenkins Active Directory Plugin 2.10 and earlier in src/main/java/hudson/plugins/active_directory/ActiveDirectoryDomain.java,. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Java Jenkins Information Disclosure Active Directory
NVD
CVSS 3.0
7.4
EPSS
0.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy