Description

Jenkins Simple Travis Pipeline Runner Plugin 1.0 and earlier specifies unsafe values in its custom Script Security whitelist, allowing attackers able to execute Script Security protected scripts to execute arbitrary code.

Remediation

References

http://www.openwall.com/lists/oss-security/2019/08/07/1

https://jenkins.io/security/advisory/2019-08-07/#SECURITY-922

Related Vulnerabilities

CVE-2023-39152 Vulnerability in maven package org.jenkins-ci.plugins:gradle

CVE-2019-13127 Vulnerability in maven package org.webjars.bower:mxgraph

CVE-2022-31167 Vulnerability in maven package org.xwiki.platform:xwiki-platform-security

CVE-2022-41853 Vulnerability in maven package org.hsqldb:hsqldb

CVE-2022-1330 Vulnerability in maven package org.webjars.bower:fullpage

Severity

Critical

Classification

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Tags

Mailing List Third Party Advisory Vendor Advisory NVD-CWE-Other