CVE-2019-10392

Published: 12/09/2019 Updated: 25/10/2023
CVSS v2 Base Score: 6.5 | Impact Score: 6.4 | Exploitability Score: 8
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 580
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

Vulnerability Summary

Jenkins Git Client Plugin 2.8.4 and earlier, and 3.0.0-rc, did not properly restrict values passed as the URL argument to an invocation of 'git ls-remote', resulting in OS command injection.

Vulnerable Product

jenkins git client 3.0.0

jenkins git client

Vendor Advisories

Synopsis: Important: OpenShift Container Platform 3.11 jenkins-2-plugins security update
Type/Severity: Security Advisory: Important
Topic: An update for jenkins-2-plugins is now available for Red Hat OpenShift Container Platform 3.11. Red Hat Product Security has rated this update as having a security impact o ...

Github Repositories

CVE-2019-10392 RCE Jackson with Git Client Plugin 2.8.2 (Authenticated)

CVE-2019-10392 RCE with Git Client Plugin 2.8.2 (Authenticated)
0x01 Start with Docker
docker run -p 8080:8080 -p 50000:50000 jenkins/jenkins:lts-alpine
0x02 Vulnerable environment
Jenkins 2.176.3
Git Client Plugin 2.8.2 updates.jenkins-ci.org/download/plugins/git-client/
Git Plugin 3.12.0
Reference links
iwantmorepizza/posts/cve-2

Jenkins Git Client RCE CVE-2019-10392_Exp

CVE-2019-10392_EXP
Jenkins Git Client Authenticated RCE CVE-2019-10392_Exp
Usage
usage: Jenkins Git Client < 282 [-h] -u TARGET [-U USERNAME] [-P PASSWORD] [-i ITEM] [-I INTERACTIVE] [-c COMMAND]
optional arguments:
  -h, --help show this help message and exit
  -u TARGET, --target TARGET Target