Description
OS command injection in CryptoMove Plugin
CryptoMove Plugin 0.1.33 and earlier allows an OS command to be configured as part of its build step configuration. This command is executed on the Jenkins controller as the OS user account running Jenkins, allowing users with Job/Configure permission to execute an arbitrary OS command on the Jenkins controller.
Packages
Name
io.jenkins.plugins:cryptomove
maven
Affected versions: <= 0.1.33
Fixed version: None
Related vulnerabilities
CVSS3: 8.8
nvd
almost 6 years ago
Jenkins CryptoMove Plugin 0.1.33 and earlier allows attackers with Job/Configure access to execute arbitrary OS commands on the Jenkins master as the OS user account running Jenkins.