Jenkins Simple Travis Pipeline Runner Plugin 1.0 and earlier specifies unsafe values in its custom Script Security whitelist, allowing attackers able to execute Script Security protected scripts to execute arbitrary code.
References
Link | Resource |
---|---|
http://www.openwall.com/lists/oss-security/2019/08/07/1 | Mailing List Third Party Advisory |
https://jenkins.io/security/advisory/2019-08-07/#SECURITY-922 | Vendor Advisory |
Configurations
History
No history.
Information
Published : 2019-08-07 15:15
Updated : 2023-10-25 18:16
NVD link : CVE-2019-10380
Mitre link : CVE-2019-10380
CVE.ORG link : CVE-2019-10380
JSON object : View
Products Affected
jenkins
- simple_travis_pipeline_runner
CWE