Описание
System command execution vulnerability in Selection tasks Jenkins Plugin
Jenkins Selection tasks Plugin 1.0 and earlier executes a user-specified program on the Jenkins controller, allowing attackers with Job/Configure permission to execute an arbitrary system command on the Jenkins controller as the OS user that the Jenkins process is running as.
Пакеты
Наименование
org.jvnet.hudson.plugins:selection-tasks-plugin
maven
Затронутые версииВерсия исправления
<= 1.0
Отсутствует
Связанные уязвимости
CVSS3: 8.8
nvd
больше 5 лет назад
Jenkins Selection tasks Plugin 1.0 and earlier executes a user-specified program on the Jenkins controller, allowing attackers with Job/Configure permission to execute an arbitrary system command on the Jenkins controller as the OS user that the Jenkins process is running as.