[MAVEN:GHSA-P5X5-JG3J-2JCJ] OS command injection in CryptoMove Plugin
Severity: High
Affected Packages: 1
CVEs: 1
CryptoMove Plugin 0.1.33 and earlier allows the configuration of an OS command to execute as part of its build step configuration. This command is executed on the Jenkins controller as the OS user account running Jenkins, allowing users with Job/Configure permission to execute an arbitrary OS command on the Jenkins controller.
Package | Affected Version |
---|---|
pkg:maven/io.jenkins.plugins/cryptomove | <= 0.1.33 |
- ID: MAVEN:GHSA-P5X5-JG3J-2JCJ
- Severity: high
- URL: https://github.com/advisories/GHSA-p5x5-jg3j-2jcj
- Published: 2022-05-24T17:10:30
- Modified: 2023-01-29T05:01:19
- Rights: Maven Security Team
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:maven/io.jenkins.plugins/cryptomove | io.jenkins.plugins | cryptomove | <= 0.1.33 |