Description
Jenkins Simple Travis Pipeline Runner Plugin 1.0 and earlier specifies unsafe values in its custom Script Security whitelist, allowing attackers able to execute Script Security protected scripts to execute arbitrary code.
Remediation
References
http://www.openwall.com/lists/oss-security/2019/08/07/1
https://jenkins.io/security/advisory/2019-08-07/#SECURITY-922