Vulnerability CVE-2019-10380

Vulnerability CVE-2019-10380

Published: 2019-08-07

Description:

Jenkins Simple Travis Pipeline Runner Plugin 1.0 and earlier specifies unsafe values in its custom Script Security whitelist, allowing attackers able to execute Script Security protected scripts to execute arbitrary code.

Type:

CWE-254

(Security Features)

CVSS2 => (AV:N/AC:L/Au:S/C:P/I:P/A:P)

CVSS Base Score	Impact Subscore	Exploitability Subscore
6.5/10	6.4/10	8/10

Exploit range	Attack complexity	Authentication
Remote	Low	Single time
Confidentiality impact	Integrity impact	Availability impact
Partial	Partial	Partial

Affected software
Jenkins -> Simple travis pipeline runner

References:

http://www.openwall.com/lists/oss-security/2019/08/07/1

https://jenkins.io/security/advisory/2019-08-07/#SECURITY-922

Copyright 2024, cxsecurity.com