Back to search
CVE-2020-2200
Published: Jun 3, 2020
Modified: Aug 4, 2024
PUBLISHED
Description
Jenkins Play Framework Plugin 1.0.2 and earlier lets users specify the path to the `play` command on the Jenkins master for a form validation endpoint, resulting in an OS command injection vulnerability exploitable by users able to store such a file on the Jenkins master.
| Vendor | Product | Versions |
|---|---|---|
Jenkins project | Jenkins Play Framework Plugin | affected unspecified - <= 1.0.2unknown next of 1.0.2 - < unspecified |
References
https://jenkins.io/security/advisory/2020-06-03/#SECURITY-1879
x_refsource_CONFIRM
[oss-security] 20200603 Multiple vulnerabilities in Jenkins plugins
mailing-list
x_refsource_MLIST
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now