GitHub Advisory Database: GHSA-7C44-M589-36W7
History: Apr 02, 2023 - 9:30 p.m.

Jenkins Convert To Pipeline Plugin vulnerable to command injection

2023-04-02 21:30:17
CWE-77
GitHub Advisory Database
github.com
jenkins
convert to pipeline plugin
command injection
security
vulnerability
freestyle projects
administrator
pipeline step invocations
unsandboxed

CVSS3: 9.8 High

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS: 0.002 Low
Percentile: 55.0%

Jenkins Convert To Pipeline Plugin 1.0 and earlier uses basic string concatenation to convert Freestyle projects’ Build Environment, Build Steps, and Post-build Actions to the equivalent Pipeline step invocations.

This allows attackers able to configure Freestyle projects to prepare a crafted configuration that injects Pipeline script code into the (unsandboxed) Pipeline resulting from a conversion by Convert To Pipeline Plugin. If an administrator converts the Freestyle project to a Pipeline, the script will be pre-approved.
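The concatenation pattern described above, next to an escaped form and a simple review check, as an added example that is not code from the plugin. The class, method names and sample values are hypothetical, and it assumes the generated step argument is a Groovy single-quoted string literal.

```java
// Added illustration; not code from Convert To Pipeline Plugin.
// All class, method and sample names are hypothetical.
public class StepQuoting {

    // The pattern the advisory describes: the configured value is pasted
    // between quotes, so a quote in the value ends the literal early.
    static String concatStep(String step, String value) {
        return step + "('" + value + "')";
    }

    // Hardened form: emit the value as an escaped Groovy single-quoted literal.
    // Backslash is escaped first so it cannot neutralise the quote escaping.
    static String groovyLiteral(String value) {
        StringBuilder sb = new StringBuilder("'");
        for (char c : value.toCharArray()) {
            switch (c) {
                case '\\': sb.append("\\\\"); break;
                case '\'': sb.append("\\'"); break;
                case '\n': sb.append("\\n"); break;
                case '\r': sb.append("\\r"); break;
                default:   sb.append(c);
            }
        }
        return sb.append('\'').toString();
    }

    static String escapedStep(String step, String value) {
        return step + "(" + groovyLiteral(value) + ")";
    }

    // Review check: a one-argument step must contain exactly two unescaped quotes.
    static int unescapedQuotes(String script) {
        int n = 0;
        for (int i = 0; i < script.length(); i++) {
            if (script.charAt(i) == '\\') i++;          // skip the escaped character
            else if (script.charAt(i) == '\'') n++;
        }
        return n;
    }

    public static void main(String[] args) {
        // Constructed sample values; the second carries a harmless marker step.
        String[] samples = { "Build finished", "done'); echo('MARKER", "trailing\\" };
        for (String v : samples) {
            System.out.println(concatStep("echo", v) + "  quotes=" + unescapedQuotes(concatStep("echo", v)));
            System.out.println(escapedStep("echo", v) + "  quotes=" + unescapedQuotes(escapedStep("echo", v)));
        }
    }
}
```

A quote count other than 2 on a generated one-argument step means the configured value changed the structure of the script rather than staying inside its literal, which is the condition to look for when reviewing a converted Pipeline before approving it.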

Affected configurations

Vulners
Node
jenkins convert_to_pipeline Range 1.0 jenkins
