GHSA-p6qc-37hq-wqr6

Published: May 24, 2022
Source: github
Github: Reviewed
CVSS3: 8.8

Description

Remote code execution vulnerability in Jenkins Templating Engine Plugin

Jenkins Templating Engine Plugin 2.1 and earlier does not protect its pipeline configurations using Script Security Plugin.

This vulnerability allows attackers with Job/Configure permission to execute arbitrary code in the context of the Jenkins controller JVM.

Jenkins Templating Engine Plugin 2.2 integrates with Script Security Plugin to protect its pipeline configurations.

Packages

Name: org.jenkins-ci.plugins:templating-engine (maven)
Affected versions: <= 2.1
Fixed version: 2.2

EPSS: 0.00387 (Low)
Percentile: 59%
CVSS3: 8.8 High
Weaknesses: CWE-693

Related vulnerabilities

CVSS3: 8.8
nvd, almost 5 years ago

Jenkins Templating Engine Plugin 2.1 and earlier does not protect its pipeline configurations using Script Security Plugin, allowing attackers with Job/Configure permission to execute arbitrary code in the context of the Jenkins controller JVM.
