Description
Jenkins Simple Travis Pipeline Runner Plugin script sandbox bypass vulnerability
Jenkins Simple Travis Pipeline Runner Plugin defines a custom list of pre-approved signatures for scripts protected by the Script Security sandbox.
This custom list of pre-approved signatures allows the use of methods that can be used to bypass Script Security sandbox protection. This results in arbitrary code execution on any Jenkins instance with this plugin installed.
As of publication of this advisory, there is no fix.
Packages
Package: org.jenkins-ci.plugins:simple-travis-runner
Affected versions: <= 1.0
Patched versions: None
Related vulnerabilities
Jenkins Simple Travis Pipeline Runner Plugin 1.0 and earlier specifies unsafe values in its custom Script Security whitelist, allowing attackers able to execute Script Security protected scripts to execute arbitrary code.