Vulnerabilities > CVE-2019-10380 - Unspecified vulnerability in Jenkins Simple Travis Pipeline Runner 1.0

CVSS 8.8 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

jenkins

NVD

Published: 2019-08-07

Updated: 2023-10-25

Summary

Jenkins Simple Travis Pipeline Runner Plugin 1.0 and earlier specifies unsafe values in its custom Script Security whitelist, allowing attackers able to execute Script Security protected scripts to execute arbitrary code.

Vulnerable Configurations

Part	Description	Count
Application	Jenkins Jenkins Simple Travis Pipeline Runner - Jenkins Simple Travis Pipeline Runner 1.0	2

References

https://jenkins.io/security/advisory/2019-08-07/#SECURITY-922
http://www.openwall.com/lists/oss-security/2019/08/07/1