Description
Jenkins Simple Travis Pipeline Runner Plugin 1.0 and earlier specifies unsafe values in its custom Script Security whitelist, allowing attackers able to execute Script Security protected scripts to execute arbitrary code.
Remediation
References
https://jenkins.io/security/advisory/2019-08-07/#SECURITY-922
http://www.openwall.com/lists/oss-security/2019/08/07/1