Description
A command execution vulnerability exists in Jenkins Absint Astree Plugin 1.0.5 and older in AstreeBuilder.java that allows attackers with Overall/Read access to execute a command on the Jenkins master.
Remediation
References
https://jenkins.io/security/advisory/2018-06-04/#SECURITY-807
Related Vulnerabilities
CVE-2011-4838 Vulnerability in maven package com.sun.grizzly:jruby
CVE-2023-32996 Vulnerability in maven package io.jenkins.plugins:miniorange-saml-sp
CVE-2013-4660 Vulnerability in npm package js-yaml
CVE-2019-1003055 Vulnerability in maven package org.jvnet.hudson.plugins:ftppublisher
CVE-2020-2321 Vulnerability in maven package org.jenkins-ci.plugins:shelve-project-plugin