CVE-2020-2159

CVSS v3.1 8.8 (High)

CVSS v2.0 9 (High)

EPSS 0.88 % (83^th)

Affected Products 1

Advisories 2

Jenkins CryptoMove Plugin 0.1.33 and earlier allows attackers with Job/Configure access to execute arbitrary OS commands on the Jenkins master as the OS user account running Jenkins.

Weaknesses

CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVE Status: PUBLISHED
CNA: Jenkins Project
Published Date: 2020-03-09 16:15:15
(4 years ago)
Updated Date: 2023-10-25 18:16:33
(10 months ago)

Affected Products

Jenkins

Cryptomove

Configuration #1

		CPE23	From	Up To
	Jenkins Cryptomove for Jenkins 0.1.33 and prior versions	cpe:2.3:a:jenkins:cryptomove::::::jenkins		<= 0.1.33