Required CVE Record Information
Description
Jenkins Templating Engine Plugin 2.1 and earlier does not protect its pipeline configurations using Script Security Plugin, allowing attackers with Job/Configure permission to execute arbitrary code in the context of the Jenkins controller JVM.
Updated:
This container includes required additional information provided by the CVE Program for this vulnerability.
References 2 Total
- https://www.jenkins.io/security/advisory/2021-04-21/#SECURITY-2311 x_transferred
- openwall.com: [oss-security] 20210421 Multiple vulnerabilities in Jenkins plugins mailing-listx_transferred