Lucene search
PRIOn knowledge basePRION:CVE-2023-28677HistoryApr 02, 2023 - 9:15 p.m.
Code injection
2023-04-0221:15:00
PRIOn knowledge base
www.prio-n.com
4
code injection
jenkins
pipeline plugin
security issue
freestyle projects
Jenkins Convert To Pipeline Plugin 1.0 and earlier uses basic string concatenation to convert Freestyle projects’ Build Environment, Build Steps, and Post-build Actions to the equivalent Pipeline step invocations, allowing attackers able to configure Freestyle projects to prepare a crafted configuration that injects Pipeline script code into the (unsandboxed) Pipeline resulting from a convertion by Jenkins Convert To Pipeline Plugin.
| CPE | Name | Operator | Version |
|---|---|---|---|
| convert_to_pipeline | le | 1.0 |
Related
cve
cve
CVE-2023-28677
2023-04-02 21:15:09
cvelist
cvelist
CVE-2023-28677
2023-03-23 11:26:06
nvd
nvd
CVE-2023-28677
2023-04-02 21:15:09
veracode
veracode
Remote Code Execution (RCE)
2023-08-22 11:14:09
osv
osv
Jenkins Convert To Pipeline Plugin vulnerable to command injection
2023-04-02 21:30:17
Jenkins Convert To Pipeline Plugin vulnerable to cross-site request forgery
2023-04-02 21:30:17
github
github
Jenkins Convert To Pipeline Plugin vulnerable to command injection
2023-04-02 21:30:17
Jenkins Convert To Pipeline Plugin vulnerable to cross-site request forgery
2023-04-02 21:30:17
