Description
Jenkins Simple Travis Pipeline Runner Plugin 1.0 and earlier specifies unsafe values in its custom Script Security whitelist. This allows attackers who are able to run Script Security protected scripts to execute arbitrary code.
Remediation
References
http://www.openwall.com/lists/oss-security/2019/08/07/1
https://jenkins.io/security/advisory/2019-08-07/#SECURITY-922