Описание
Jenkins Azure CLI Plugin does not restrict the commands it executes
Jenkins Azure CLI Plugin 0.9 and earlier does not restrict which commands it executes on the Jenkins controller.
This allows attackers with Item/Configure permission to execute arbitrary shell commands on the Jenkins controller.
As of publication of this advisory, there is no fix.
Пакеты
Наименование
org.jenkins-ci.plugins:azure-cli
maven
Затронутые версииВерсия исправления
<= 0.9
Отсутствует
Связанные уязвимости
CVSS3: 8.8
nvd
3 месяца назад
Jenkins Azure CLI Plugin 0.9 and earlier does not restrict which commands it executes on the Jenkins controller, allowing attackers with Item/Configure permission to execute arbitrary shell commands.