VYPR

Templating Engine Plugin

by Jenkins Project

Source repositories

CVEs (2)

  • CVE-2025-31722Apr 2, 2025
    risk 0.00cvss epss 0.01

    In Jenkins Templating Engine Plugin 2.5.3 and earlier, libraries defined in folders are not subject to sandbox protection, allowing attackers with Item/Configure permission to execute arbitrary code in the context of the Jenkins controller JVM.

  • CVE-2021-21646Apr 21, 2021
    risk 0.00cvss epss 0.02

    Jenkins Templating Engine Plugin 2.1 and earlier does not protect its pipeline configurations using Script Security Plugin, allowing attackers with Job/Configure permission to execute arbitrary code in the context of the Jenkins controller JVM.