Articles
Newsflash
10 Jul 2026 DevOps
Jenkins: Sandbox Bypass in Script Security Plugin

In Script Security Plugin component for Jenkins versions 1402.v94c9ce464861 and earlier a high severity vulnerability CVE-2026-57280 was detected. This vulnerability allows attackers to bypass sandbox protection. To address this issue, users should upgrade Script Security Plugin to version 1402.1405.vc96e74964250 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-57280.

Read more
Developer Tools
10 Jul 2026 DevOps
Jenkins: Sandbox escape in Script Security Plugin

In Script Security Plugin component for Jenkins versions 1402.v94c9ce464861 and earlier a high severity vulnerability CVE-2026-57281 was detected. This vulnerability allows attackers to execute code outside the sandbox. To address this issue, users should upgrade Script Security Plugin to version 1402.1405.vc96e74964250 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-57281.

Read more
Developer Tools
10 Jul 2026 DevOps
Jenkins: Arbitrary command execution in Git client Plugin

In Git client Plugin component for Jenkins versions 6.6.0 and earlier a medium severity vulnerability CVE-2026-57282 was detected. This vulnerability allows attackers who can control the name of a build’s working directory to execute arbitrary operating system commands on the agent. To address this issue, users should upgrade Git client Plugin to version 6.6.1 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-57282.

Read more
Developer Tools
10 Jul 2026 DevOps
Jenkins: Cross-Site Request Forgery vulnerability in Pipeline: Groovy Plugin

In Pipeline: Groovy Plugin component for Jenkins versions 4331.v9d06ed4658ff and earlier a medium severity vulnerability CVE-2026-57283 was detected. This vulnerability allows attackers to instantiate unauthorized types through the Pipeline Snippet Generator. To address this issue, users should upgrade Pipeline: Groovy Plugin to version 4331.4333.v50a_b_076c5199 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-57283.

Read more
Developer Tools
10 Jul 2026 DevOps
Jenkins: Improper Type Restriction in Pipeline: Groovy Plugin

In Pipeline: Groovy Plugin component for Jenkins versions 4331.v9d06ed4658ff and earlier a medium severity vulnerability CVE-2026-57284 was detected. This vulnerability allows attackers to instantiate restricted types related to job or system configuration. There’s no fix available for this issue at the moment. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-57284.

Read more
Developer Tools
9 Jul 2026 Communication and Collaboration
ArchiveBox: Stored Cross-Site Scripting (XSS) via wget Extractor

In ArchiveBox versions up to and including 0.6.2 a medium severity vulnerability CVE-2023-45815 was detected. This vulnerability allows an attacker to execute malicious JavaScript in the context of a user’s session, leading to Stored Cross-Site Scripting (XSS) and potential account takeover. This occurs because ArchiveBox serves archived content from the same host and port as its admin panel, which bypasses standard browser CORS and CSRF protections. If a user utilizes the wget extractor to archive a maliciously crafted page and subsequently views the output, the embedded JavaScript executes. For authenticated administrators, this allows the script to silently perform admin actions, such as adding, modifying, or removing snapshots and users. For unauthenticated users, the script can still read all other archived content. To address this issue, users should upgrade ArchiveBox to version 0.9.0 or later. As a temporary mitigation, administrators can disable the wget extractor by setting SAVE_WGET=False, ensure they are logged out before viewing archives, or serve a static HTML version of the archive. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2023-45815.

Read more
Utility
Case Studies