CVE-2019-10380

Jenkins Simple Travis Pipeline Runner Plugin 1.0 and earlier specifies unsafe values in its custom Script Security whitelist, allowing attackers able to execute Script Security protected scripts to execute arbitrary code...

com.btc.ep:btc-embeddedplatform (>=1.9.2-beta <=2.5.9), com.qasymphony.ci.jenkins:qtest (>=1.3.0 <=1.4.6) +16 more potentially affected by CVE-2022-25178 via org.jenkins-ci.plugins.workflow:workflow-cps-global-lib (>=0.1-beta-5 <=2.17)

org.jenkins-ci.plugins.workflow:workflow-cps-global-lib MAVEN version =0.1-beta-5, =1.9.2-beta, =1.3.0, =1.0, =1.0, =1.0, =0.1-beta-5, =1.12.1, =2.2, =1.0.4, =0.1, =1.0, =2.3, =1.0, =1.5 and more Source cves: CVE-2022-25178 Source advisory: OSV:GHSA-5HFV-MG5X-MV32...

CVE-2019-10380

Jenkins Simple Travis Pipeline Runner Plugin 1.0 and earlier specifies unsafe values in its custom Script Security whitelist, allowing attackers able to execute Script Security protected scripts to execute arbitrary code...

Code injection

Jenkins Simple Travis Pipeline Runner Plugin 1.0 and earlier specifies unsafe values in its custom Script Security whitelist, allowing attackers able to execute Script Security protected scripts to execute arbitrary code...

CVE-2019-10380

Summary: CVE-2019-10380 affects Jenkins Simple Travis Pipeline Runner Plugin (versions 1.0 and earlier). The root cause is unsafe values in the plugin’s custom Script Security whitelist, enabling attackers able to execute Script Security protected scripts to run arbitrary code on vulnerable Jenki...