Описание
Jenkins Git Client Plugin 2.8.4 and earlier and 3.0.0-rc did not properly restrict values passed as URL argument to an invocation of 'git ls-remote', resulting in OS command injection.
Дополнительная информация
Статус:
Important
Дефект:
CWE-78
https://bugzilla.redhat.com/show_bug.cgi?id=1819704jenkins-git-client-plugin: OS command injection via 'git ls-remote'
EPSS
Процентиль: 99%
0.80819
Высокий
8.8 High
CVSS3
Связанные уязвимости
CVSS3: 8.8
nvd
больше 6 лет назад
Jenkins Git Client Plugin 2.8.4 and earlier and 3.0.0-rc did not properly restrict values passed as URL argument to an invocation of 'git ls-remote', resulting in OS command injection.
CVSS3: 8.8
github
больше 3 лет назад
Improper Neutralization of Special Elements used in an OS Command in Jenkins Git Client Plugin
EPSS
Процентиль: 99%
0.80819
Высокий
8.8 High
CVSS3