VYPR

Pipeline: Declarative Plugin

by Jenkins Project

Source repositories

CVEs (2)

  • CVE-2019-1003002Jan 22, 2019
    risk 0.03cvss epss 0.82

    A sandbox bypass vulnerability exists in Pipeline: Declarative Plugin 1.3.3 and earlier in pipeline-model-definition/src/main/groovy/org/jenkinsci/plugins/pipeline/modeldefinition/parser/Converter.groovy that allows attackers with Overall/Read permission to provide a pipeline…

  • CVE-2024-52551Nov 13, 2024
    risk 0.00cvss epss 0.01

    Jenkins Pipeline: Declarative Plugin 2.2214.vb_b_34b_2ea_9b_83 and earlier does not check whether the main (Jenkinsfile) script used to restart a build from a specific stage is approved, allowing attackers with Item/Build permission to restart a previous build whose…