Description

Jenkins Simple Travis Pipeline Runner Plugin 1.0 and earlier specifies unsafe values in its custom Script Security whitelist, allowing attackers able to execute Script Security protected scripts to execute arbitrary code.

Remediation

References

http://www.openwall.com/lists/oss-security/2019/08/07/1

https://jenkins.io/security/advisory/2019-08-07/#SECURITY-922

Related Vulnerabilities

CVE-2019-1003057 Vulnerability in maven package org.jenkins-ci.plugins:bitbucket-approve

CVE-2022-36890 Vulnerability in maven package org.jenkins-ci.plugins:deployer-framework

CVE-2019-10319 Vulnerability in maven package org.jenkins-ci.plugins:pam-auth

CVE-2019-20444 Vulnerability in maven package io.netty:netty-codec-http

CVE-2021-21391 Vulnerability in npm package @ckeditor/ckeditor5-engine

Severity

Critical

Classification

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Tags

Mailing List Third Party Advisory Vendor Advisory NVD-CWE-Other