Lucene search

K
cvelistJenkinsCVELIST:CVE-2019-10392
HistorySep 12, 2019 - 1:55 p.m.

CVE-2019-10392

2019-09-1213:55:15
jenkins
www.cve.org
1

AI Score

9

Confidence

High

EPSS

0.947

Percentile

99.3%

Jenkins Git Client Plugin 2.8.4 and earlier and 3.0.0-rc did not properly restrict values passed as URL argument to an invocation of β€˜git ls-remote’, resulting in OS command injection.

CNA Affected

[
  {
    "product": "Jenkins Git Client Plugin",
    "vendor": "Jenkins project",
    "versions": [
      {
        "status": "affected",
        "version": "2.8.4 and earlier, 3.0.0-rc"
      }
    ]
  }
]

AI Score

9

Confidence

High

EPSS

0.947

Percentile

99.3%