Description
Jenkins Simple Travis Pipeline Runner Plugin 1.0 and earlier specifies unsafe values in its custom Script Security whitelist. Attackers who are able to run Script Security protected scripts can use these whitelist entries to execute arbitrary code.
Remediation
References
http://www.openwall.com/lists/oss-security/2019/08/07/1
https://jenkins.io/security/advisory/2019-08-07/#SECURITY-922