Описание
Jenkins Pipeline: Groovy Plugin 2648.va9433432b33c and earlier uses the same checkout directories for distinct SCMs when reading the script file (typically Jenkinsfile) for Pipelines, allowing attackers with Item/Configure permission to invoke arbitrary OS commands on the controller through crafted SCM contents.
Ссылки
- Mailing ListThird Party Advisory
- Issue TrackingPatchVendor Advisory
- Mailing ListThird Party Advisory
- Issue TrackingPatchVendor Advisory
Уязвимые конфигурации
EPSS
8.8 High
CVSS3
6.5 Medium
CVSS2
Дефекты
Связанные уязвимости
Jenkins Pipeline: Groovy Plugin 2648.va9433432b33c and earlier uses the same checkout directories for distinct SCMs when reading the script file (typically Jenkinsfile) for Pipelines, allowing attackers with Item/Configure permission to invoke arbitrary OS commands on the controller through crafted SCM contents.
Improper Neutralization of Special Elements used in an OS Command in Jenkins Pipeline: Groovy Plugin
EPSS
8.8 High
CVSS3
6.5 Medium
CVSS2