Skip to main content

Jenkins Script Security Plugin

2 CVEs product

Monthly

CVE-2026-57281 HIGH This Week

Jenkins Script Security Plugin 1402.v94c9ce464861 and earlier does not reject Groovy AST transformation annotations carrying an extensions member, allowing attackers able to run sandboxed Groovy scripts to execute code outside the sandbox if a suitable script is present on the classpath of the component that evaluates the script.

Jenkins Information Disclosure Jenkins Script Security Plugin
NVD VulDB
CVSS 3.1
7.5
EPSS
0.4%
CVE-2026-57280 HIGH This Week

Jenkins Script Security Plugin 1402.v94c9ce464861 and earlier does not intercept the implicit type casts applied to the elements of typed for-each loops in sandboxed Groovy scripts, allowing attackers able to provide such scripts to invoke arbitrary constructors and bypass the sandbox protection.

Authentication Bypass Jenkins Jenkins Script Security Plugin
NVD VulDB
CVSS 3.1
8.8
EPSS
0.4%
EPSS 0% CVSS 7.5
HIGH This Week

Jenkins Script Security Plugin 1402.v94c9ce464861 and earlier does not reject Groovy AST transformation annotations carrying an extensions member, allowing attackers able to run sandboxed Groovy scripts to execute code outside the sandbox if a suitable script is present on the classpath of the component that evaluates the script.

Jenkins Information Disclosure Jenkins Script Security Plugin
NVD VulDB
EPSS 0% CVSS 8.8
HIGH This Week

Jenkins Script Security Plugin 1402.v94c9ce464861 and earlier does not intercept the implicit type casts applied to the elements of typed for-each loops in sandboxed Groovy scripts, allowing attackers able to provide such scripts to invoke arbitrary constructors and bypass the sandbox protection.

Authentication Bypass Jenkins Jenkins Script Security Plugin
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy