Description
Jenkins Simple Travis Pipeline Runner Plugin 1.0 and earlier specifies unsafe values in its custom Script Security whitelist, allowing attackers able to execute Script Security protected scripts to execute arbitrary code.
Remediation
References
http://www.openwall.com/lists/oss-security/2019/08/07/1
https://jenkins.io/security/advisory/2019-08-07/#SECURITY-922
Related Vulnerabilities
CVE-2020-1935 Vulnerability in maven package org.apache.tomcat:tomcat-coyote
CVE-2019-10373 Vulnerability in maven package org.jenkins-ci.plugins:build-pipeline-plugin
CVE-2021-46063 Vulnerability in maven package net.mingsoft:ms-mcms
CVE-2021-42697 Vulnerability in maven package com.typesafe.akka:akka-http-core
CVE-2020-6423 Vulnerability in maven package org.webjars.npm:electron