Description

Jenkins Simple Travis Pipeline Runner Plugin 1.0 and earlier specifies unsafe values in its custom Script Security whitelist, allowing attackers able to execute Script Security protected scripts to execute arbitrary code.

Remediation

References

http://www.openwall.com/lists/oss-security/2019/08/07/1

https://jenkins.io/security/advisory/2019-08-07/#SECURITY-922

Related Vulnerabilities

CVE-2018-11778 Vulnerability in maven package org.apache.ranger:ranger

CVE-2021-23445 Vulnerability in npm package datatables.net

CVE-2019-10419 Vulnerability in maven package org.jenkins-ci.plugins:application-director-plugin

CVE-2021-46089 Vulnerability in maven package org.jeecgframework.boot:jeecg-boot-base-core

CVE-2021-27290 Vulnerability in maven package org.webjars.npm:ssri

Severity

Critical

Classification

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Tags

Mailing List Third Party Advisory Vendor Advisory NVD-CWE-Other