Description
Jenkins Simple Travis Pipeline Runner Plugin 1.0 and earlier specifies unsafe values in its custom Script Security whitelist, allowing attackers able to execute Script Security protected scripts to execute arbitrary code.
Remediation
References
http://www.openwall.com/lists/oss-security/2019/08/07/1
https://jenkins.io/security/advisory/2019-08-07/#SECURITY-922
Related Vulnerabilities
CVE-2023-37952 Vulnerability in maven package com.mabl.integration.jenkins:mabl-integration
CVE-2020-36189 Vulnerability in maven package com.fasterxml.jackson.core:jackson-databind
CVE-2021-27850 Vulnerability in maven package org.apache.tapestry:tapestry-core
CVE-2022-42467 Vulnerability in maven package org.apache.isis.core:isis-core-config
CVE-2019-10475 Vulnerability in maven package org.jenkins-ci.plugins:build-metrics