Описание
Missing permission checks in Jenkins Sounds Plugin allow OS command execution
Jenkins Sounds Plugin 0.5 and earlier does not perform permission checks in URLs performing form validation, allowing attackers with Overall/Read access to execute arbitrary OS commands as the OS user account running Jenkins.
Пакеты
Наименование
org.jenkins-ci.plugins:sounds
maven
Затронутые версииВерсия исправления
< 0.6
0.6
Связанные уязвимости
CVSS3: 8.8
nvd
около 6 лет назад
Jenkins Sounds Plugin 0.5 and earlier does not perform permission checks in URLs performing form validation, allowing attackers with Overall/Read access to execute arbitrary OS commands as the OS user account running Jenkins.