Code injection

2019-08-0715:15:00

PRIOn knowledge base

www.prio-n.com

8.9 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

47.3%

JSON

Jenkins Simple Travis Pipeline Runner Plugin 1.0 and earlier specifies unsafe values in its custom Script Security whitelist, allowing attackers able to execute Script Security protected scripts to execute arbitrary code.

CPENameOperatorVersion
simple_travis_pipeline_runnerle1.0

CPE	Name	Operator	Version
	simple_travis_pipeline_runner	le	1.0

References

www.openwall.com/lists/oss-security/2019/08/07/1

jenkins.io/security/advisory/2019-08-07/