CVE-2019-10392

Опубликовано: 12 сент. 2019

Источник: nvd

CVSS3: 8.8

CVSS2: 6.5

EPSS Высокий

Описание

Jenkins Git Client Plugin 2.8.4 and earlier and 3.0.0-rc did not properly restrict values passed as URL argument to an invocation of 'git ls-remote', resulting in OS command injection.

Ссылки

http://www.openwall.com/lists/oss-security/2019/09/12/2
Mailing List
Third Party Advisory
https://jenkins.io/security/advisory/2019-09-12/#SECURITY-1534
Vendor Advisory
http://www.openwall.com/lists/oss-security/2019/09/12/2
Mailing List
Third Party Advisory
https://jenkins.io/security/advisory/2019-09-12/#SECURITY-1534
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:jenkins:git_client:*:*:*:*:*:jenkins:*:*

Версия до 2.8.4 (включая)

cpe:2.3:a:jenkins:git_client:3.0.0:rc:*:*:*:jenkins:*:*

EPSS

Процентиль: 99%

0.80819

Высокий

8.8 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-78

Связанные уязвимости

CVE-2019-10392

CVSS3: 8.8

redhat

больше 6 лет назад

Jenkins Git Client Plugin 2.8.4 and earlier and 3.0.0-rc did not properly restrict values passed as URL argument to an invocation of 'git ls-remote', resulting in OS command injection.

GHSA-hw6x-2qwv-rxr7

CVSS3: 8.8

github

больше 3 лет назад

Improper Neutralization of Special Elements used in an OS Command in Jenkins Git Client Plugin

EPSS

Процентиль: 99%

0.80819

Высокий

8.8 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-78