CVE-2019-10392 – org.jenkins-ci.plugins:git-client
Package
Manager: maven
Name: org.jenkins-ci.plugins:git-client
Vulnerable Version: >=0 <=2.8.4 || =3.0.0-rc
Severity
Level: High
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
EPSS: 0.84573 (percentile: 0.99286)
Details
Improper Neutralization of Special Elements used in an OS Command in Jenkins Git Client Plugin

Jenkins Git Client Plugin 2.8.4 and earlier did not properly restrict values passed as the URL argument to an invocation of 'git ls-remote', resulting in OS command injection.
Metadata
Created: 2022-05-24T16:55:58Z
Modified: 2022-06-28T22:28:13Z
Source: MANUAL
CWE IDs: ["CWE-78"]
Alternative ID: GHSA-hw6x-2qwv-rxr7
Finding: F404
Auto approve: 1