GHSA-h5mv-fv98-gqmq

Опубликовано: 24 мая 2022

Источник: github

Github: Прошло ревью

CVSS3: 8.8

Описание

OS command injection vulnerability in Jenkins Play Framework Plugin

A form validation endpoint in Play Framework Plugin executes the play command to validate a given input file.

Play Framework Plugin 1.0.2 and earlier lets users specify the path to the play command on the Jenkins controller. This results in an OS command injection vulnerability exploitable by users able to store such a file on the Jenkins controller (e.g. through archiving artifacts).

Ссылки

Пакеты

Наименование

org.jenkins-ci.plugins:play-autotest-plugin

maven

Затронутые версииВерсия исправления

<= 1.0.2

Отсутствует

EPSS

Процентиль: 86%

0.03019

Низкий

8.8 High

CVSS3

CVE ID

CVE-2020-2200

Дефекты

CWE-78

Связанные уязвимости

CVE-2020-2200

CVSS3: 8.8

nvd

больше 5 лет назад

Jenkins Play Framework Plugin 1.0.2 and earlier lets users specify the path to the `play` command on the Jenkins master for a form validation endpoint, resulting in an OS command injection vulnerability exploitable by users able to store such a file on the Jenkins master.

EPSS

Процентиль: 86%

0.03019

Низкий

8.8 High

CVSS3

CVE ID

CVE-2020-2200

Дефекты

CWE-78