CVE-2019-10392
PUBLISHED
Reported by jenkins · Published September 12, 2019
Jenkins Git Client Plugin 2.8.4 and earlier and 3.0.0-rc did not properly restrict values passed as the URL argument to an invocation of 'git ls-remote', resulting in OS command injection.
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Jenkins project | Jenkins Git Client Plugin | 2.8.4 and earlier, 3.0.0-rc |
| Maven | org.jenkins-ci.plugins:git-client | 0, 0 |
Timeline
- Sep 12, 2019 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 22, 2021 EPSS Score
- Oct 25, 2021 EPSS Score
- Dec 27, 2021 EPSS Score
- Feb 27, 2022 EPSS Score
- May 1, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Nov 5, 2022 EPSS Score
- Mar 7, 2023 EPSS Score
- Mar 10, 2023 EPSS Score
- Jul 13, 2023 EPSS Score
References
- [oss-security] 20190912 Multiple vulnerabilities in Jenkins plugins (mailing-list, x_refsource_MLIST)
- https://nvd.nist.gov/vuln/detail/CVE-2019-10392 advisory
- https://github.com/advisories/GHSA-hw6x-2qwv-rxr7 advisory