CVE-2024-34145

HIGH Year: 2024
CVSS v3 Score
8.8
High
Weakness Type
CWE-290
View all →

Vulnerability Description

A sandbox bypass vulnerability involving sandbox-defined classes that shadow specific non-sandbox-defined classes in Jenkins Script Security Plugin 1335.vf07d9ce377a_e and earlier allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM.

Related Vulnerabilities

CVE-2018-16483

HIGH
CVSS:8.8(High)

A deficiency in the access control in module express-cart <=1.1.5 allows unprivileged users to add new users to the application as administrators.

CWE-2902018

CVE-2018-5354

HIGH
CVSS:8.8(High)

The custom GINA/CP module in ANIXIS Password Reset Client before version 3.22 allows remote attackers to execute code and escalate privileges via spoofing. When the client is configured to use HTTP, i...

CWE-2902018

CVE-2019-16766

HIGH
CVSS:8.8(High)

When using wagtail-2fa before 1.3.0, if someone gains access to someone's Wagtail login credentials, they can log into the CMS and bypass the 2FA check by changing the URL. They can then add a new dev...

CWE-2902019

CVE-2022-32744

HIGH
CVSS:8.8(High)

A flaw was found in Samba. The KDC accepts kpasswd requests encrypted with any key known to it. By encrypting forged kpasswd requests with its own key, a user can change other users' passwords, enabli...

CWE-2902022

CVE-2022-42983

HIGH
CVSS:8.8(High)

anji-plus AJ-Report 0.9.8.6 allows remote attackers to bypass login authentication by spoofing JWT Tokens.

CWE-2902022