exploitDog

GHSA-2cm5-f78c-h2c8

Published: 13 May 2022
Source: github
Github: Reviewed
CVSS3: 8.8

Description

Missing permission checks in Jenkins Distributed Fork Plugin

The Distributed Fork plugin for Jenkins, versions 1.5.0 and earlier, provides the dist-fork CLI command but performs no permission checks for it beyond the basic check for Overall/Read permission. Anyone with that permission can therefore run arbitrary shell commands on all connected nodes.

Packages

Name: org.jenkins-ci.plugins:distfork (maven)
Affected versions: <= 1.5.0
Fixed version: 1.6.0

EPSS

Percentile: 43%
0.00208
Low

8.8 High

CVSS3

Weaknesses

CWE-287

Related vulnerabilities

CVSS3: 8.8
nvd
about 7 years ago

It was found that there were no permission checks performed in the Distributed Fork plugin before and including 1.5.0 for Jenkins that provides the dist-fork CLI command beyond the basic check for Overall/Read permission, allowing anyone with that permission to run arbitrary shell commands on all connected nodes.
