[MAVEN:GHSA-JQ84-6FMM-6QV6] OS command execution vulnerability in Perfecto Plugin
Severity
High
Affected Packages
1
Fixed Packages
1
CVEs
1
Perfecto Plugin allows specifying Perfecto Connect Path and Perfecto Connect File Name in job configurations.
This command is executed on the Jenkins controller in Perfecto Plugin 1.17 and earlier, allowing attackers with Job/Configure permission to run arbitrary commands on the Jenkins controller.
Perfecto Plugin 1.18 executes the specified commands on the agent the build is running on.
Package | Affected Version |
---|---|
pkg:maven/io.jenkins.plugins/perfecto | <= 1.17 |
Package | Fixed Version |
---|---|
pkg:maven/io.jenkins.plugins/perfecto | = 1.18 |
- ID
- MAVEN:GHSA-JQ84-6FMM-6QV6
- Severity
- high
- URL
- https://github.com/advisories/GHSA-jq84-6fmm-6qv6
- Published
-
2022-05-24T17:28:26
(2 years ago) - Modified
-
2023-01-28T05:06:13
(19 months ago) - Rights
- Maven Security Team
- Other Advisories
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |