ICT & Cyber Security

[Bug 1819095] CVE-2020-2109 jenkins-pipeline-groovy-plugin: sandbox protection bypass through default parameter expressions in CPS-transformed methods

Author:



A vulnerability was found in Jenkins Pipeline: Groovy Plugin 2.78 and earlier, where sandbox protection can be circumvented through default parameter expressions in CPS-transformed methods. Reference:

You need to log in before you can comment on or make changes to this bug.



Source link

You must be logged in to post a comment.

RELATED STORIES
Category Product Vulnerabilities

SECURTEC 優易資訊股份有限公司 – 最新消息 – 駭客開始利用Windows Server的Zerologon漏洞發動攻擊

September 26, 2020
駭客開始利用Windows Server的Zerologon漏洞發動攻擊 刊登日期:2020-09-26      資料來源:iThome 微軟安全團隊發現開採CVE-2020-1472漏洞的攻擊行動 針對9月稍早美國國土安全部發出緊急修補指令的重大漏洞Zerologon,微軟昨(24)日警告,已經偵測到真的攻擊活動,呼籲企業應立即修補漏洞。 微軟安全團隊指出,目前正密切追蹤開採又名Zerologon的CVE-2020-1472...
Read More
Category Product Vulnerabilities

PwnXSS – Vulnerability XSS Scanner Exploit

September 25, 2020
python 3.7 Commands: XSS scanner git clone https://github.com/pwn0sec/PwnXSS Main features crawling all links on a...
Read More
vamtam-theme-circle-post
Category Product Vulnerabilities

Instagram Hacked – Critical Vulnerability Let Attackers Take Control

September 24, 2020
A critical security vulnerability with the Instagram app lets attackers take over the victim’s Instagram...
Read More
vamtam-theme-circle-post
Category Product Vulnerabilities

Interface Security Systems provides retail video monitoring solution | Security News

September 23, 2020
Transport security: utilising the cloud to manage passenger flow and improve health & safety Throughout...
Read More
vamtam-theme-circle-post
Category Product Vulnerabilities

90后程序员为“炫技”入侵67万台计算机 半年内获利256万 – 警告! – cnBeta.COM

September 22, 2020
有的程序员写代码写到头秃,有的程序员却通过黑吃黑获利百万。近期,据钱江晚报报道,一个 90 后程序员,两年间非法控制计算机 67 万余台,并利用漏洞“黑吃黑”博彩网站,半年内从中获利 256 万余元…….而这一切的源头,仅仅是因为这位老兄想要“炫技”。 访问: 阿里云推出高校特惠专场:0元体验入门云计算 快速部署创业项目 吃瓜群众也是颇为不解:“生财之道可不仅这一种,为什么要断送自己的下半生?” 最近,这位程序员也为自己的行为付出了代价。 根据杭州市西湖法院一审判决的视频资料中得知,西湖法院以诈骗罪、非法控制计算机信息系统罪数罪并罚分别判处被告人马某有期徒刑十一年六个月,并处罚金人民币五十万元;判处被告人杨某(同伙)有期徒刑十一年六个月,并处罚金人民币四十七万元;以诈骗罪分别判处其余 2...
Read More
vamtam-theme-circle-post
Category Product Vulnerabilities

Zerologon: US-Behörden sollen Patch für CVE-2020-1472 installieren

September 21, 2020
Die Cybersicherheitsabteilung des US-Heimatschutzministeriums hat die zivilen Bundesbehörden angewiesen, einen Sicherheitspatch für Windows-Server zu installieren,...
Read More
vamtam-theme-circle-post
Category Product Vulnerabilities

US-Heimatschutzministerium warnt vor gefährlicher Windows-Lücke

September 20, 2020
Es ist eine Lücke, von der jeder Angreifer träumt: Unter dem Namen “Zerologon” war vor...
Read More
vamtam-theme-circle-post
Category Product Vulnerabilities

CVE-2020-5421 – Alert Detail – Security Database

September 19, 2020
Executive Summary This vulnerability is currently undergoing analysis and not all information is available. Please...
Read More
vamtam-theme-circle-post
Category Product Vulnerabilities

Ransomware : une attaque suspectée d’avoir provoqué un décès en Allemagne

September 18, 2020
Les autorités allemandes enquêtent sur la mort d’un patient à la suite d’une attaque...
Read More
vamtam-theme-circle-post
Category Product Vulnerabilities

Kritische Schadcode-Lücke in Trend Micro ServerProtect bedroht Linux

September 17, 2020
Damit keine Malware auf Linux-Servern landet, sollten Admins die eigentlich schützende Software ServerProtect for Linux...
Read More
digitpol
scale
element-support
Call Center
+31 55 8448040
element-map
Location

Global

International Cyber Crime Investigation

Digitpol is licensed by the Ministry of Justice: Licence Number POB1557

©Digitpol. All images and content are copyright of Digitpol and can not be used, replicated or reproduced without written permission. 2019.

Privacy  /   Terms and Policy   /   Site map  /   Contact