VulnerableCode Package Details - pkg:rpm/redhat/jenkins-plugin-script-security@1.29-1?arch=el7

Search for packages

Vulnerability	Summary	Fixed by
VCID-cskh-ruh2-6yew Aliases: CVE-2017-1000095 GHSA-m68x-cc2f-gr5h	Incorrect Permission Assignment for Critical Resource The script-security plugin allows circumventing many of the access restrictions implemented in the script sandbox.	There are no reported fixed by versions.
VCID-ep8y-hq9y-afcu Aliases: CVE-2017-15138	atomic-openshift: cluster-reader can escalate to creating builds via webhooks in any project	There are no reported fixed by versions.
VCID-jqgq-yvxr-r7hs Aliases: CVE-2017-12195	3: authentication bypass for elasticsearch with external routes	There are no reported fixed by versions.
VCID-u9ph-5sbd-mfgp Aliases: CVE-2018-1000169 GHSA-cpw3-x7gf-p872	Information Exposure Jenkins allows unauthorized attackers to confirm the existence of agents or views with an attacker-specified name by sending a CLI command to Jenkins.	There are no reported fixed by versions.
VCID-vtvy-ec7a-xua9 Aliases: CVE-2017-15137	atomic-openshift: image import whitelist can be bypassed by creating an imagestream or using oc tag	There are no reported fixed by versions.

Vulnerability

Summary

Fixed by

VCID-cskh-ruh2-6yew
Aliases:
CVE-2017-1000095
GHSA-m68x-cc2f-gr5h

Incorrect Permission Assignment for Critical Resource The script-security plugin allows circumventing many of the access restrictions implemented in the script sandbox.