CVE-2019-10380

Jenkins Simple Travis Pipeline Runner Plugin 1.0 and earlier specifies unsafe values in its custom Script Security whitelist, allowing attackers able to execute Script Security protected scripts to execute arbitrary code...

Jenkins Simple Travis Pipeline Runner Plugin script sandbox bypass vulnerability

Jenkins Simple Travis Pipeline Runner Plugin defines a custom list of pre-approved signatures for scripts protected by the Script Security sandbox. This custom list of pre-approved signatures allows the use of methods that can be used to bypass Script Security sandbox protection. This results in...

CVE-2019-10380

Jenkins Simple Travis Pipeline Runner Plugin 1.0 and earlier specifies unsafe values in its custom Script Security whitelist, allowing attackers able to execute Script Security protected scripts to execute arbitrary code...

Code injection

Jenkins Simple Travis Pipeline Runner Plugin 1.0 and earlier specifies unsafe values in its custom Script Security whitelist, allowing attackers able to execute Script Security protected scripts to execute arbitrary code...

CVE-2019-10380

Summary: CVE-2019-10380 affects Jenkins Simple Travis Pipeline Runner Plugin (versions 1.0 and earlier). The root cause is unsafe values in the plugin’s custom Script Security whitelist, enabling attackers able to execute Script Security protected scripts to run arbitrary code on vulnerable Jenki...