Arbitrary Code Execution in Jenkins Simple Travis Pipeline Runner Plugin

Arbitrary Code Execution in Jenkins Simple Travis Pipeline Runner Plugin

CVE-2019-10380 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Jenkins Simple Travis Pipeline Runner Plugin 1.0 and earlier specifies unsafe values in its custom Script Security whitelist, allowing attackers able to execute Script Security protected scripts to execute arbitrary code.

Learn more about our Web Application Penetration Testing UK.