GHSA-hw6x-2qwv-rxr7

Source

https://github.com/advisories/GHSA-hw6x-2qwv-rxr7

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-hw6x-2qwv-rxr7/GHSA-hw6x-2qwv-rxr7.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-hw6x-2qwv-rxr7

Aliases

CVE-2019-10392

Published

2022-05-24T16:55:58Z

Modified

2024-02-16T08:18:47.231984Z

Severity

8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

Improper Neutralization of Special Elements used in an OS Command in Jenkins Git Client Plugin

Details

Jenkins Git Client Plugin 2.8.4 and earlier did not properly restrict values passed as URL argument to an invocation of 'git ls-remote', resulting in OS command injection.

References

Affected packages

Maven / org.jenkins-ci.plugins:git-client

Package

Name: org.jenkins-ci.plugins:git-client; View open source insights on deps.dev
Purl: pkg:maven/org.jenkins-ci.plugins/git-client

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.8.5

Affected versions

1.*

1.0.2

1.0.3

1.0.4

1.0.5

1.0.6

1.0.7

1.1

1.1.1

1.1.2

1.2.0

1.3.0

1.4.0

1.4.1

1.4.2

1.4.3

1.4.4

1.4.5

1.4.6

1.5.0

1.5.1

1.6.0

1.6.1

1.6.2

1.6.3

1.6.4

1.6.5

1.6.6

1.7.0

1.8.0

1.8.1

1.9.0

1.9.1

1.9.2

1.10.0

1.10.1

1.10.2

1.11.0

1.11.1

1.12.0

1.13.0

1.14.0

1.14.1

1.15.0

1.16.1

1.17.0

1.17.1

1.18.0

1.19.0

1.19.1

1.19.2

1.19.3

1.19.4

1.19.5

1.19.6

1.19.7

1.20.0-beta1

1.20.0-beta2

1.20.0-beta3

1.20.2

1.21.0

2.*

2.0.0-beta1

2.0.0-beta2

2.0.0-beta3

2.0.0-beta4

2.0.0

2.1.0

2.2.0

2.2.1

2.3.0

2.4.0

2.4.1

2.4.2

2.4.4

2.4.5

2.4.6

2.5.0

2.6.0

2.7.0

2.7.1

2.7.2

2.7.3

2.7.3.1

2.7.4

2.7.4.1

2.7.5

2.7.6

2.7.7

2.7.7.1

2.8.0

2.8.1

2.8.2

2.8.3

2.8.4

Database specific

{
    "last_known_affected_version_range": "<= 2.8.4"
}