CVE-2020-2159

2020-03-0916:15:15

Google

osv.dev

7.6 High

AI Score

Confidence

High

0.009 Low

EPSS

Percentile

82.6%

JSON

Jenkins CryptoMove Plugin 0.1.33 and earlier allows attackers with Job/Configure access to execute arbitrary OS commands on the Jenkins master as the OS user account running Jenkins.

CPENameOperatorVersion
cryptomove-plugineqcryptomove-0.1.20
cryptomove-plugineqcryptomove-0.1.32
cryptomove-plugineqcryptomove-0.1.17
cryptomove-plugineqcryptomove-0.1.5
cryptomove-plugineqcryptomove-0.1.2
cryptomove-plugineqcryptomove-0.1.30
cryptomove-plugineqcryptomove-0.1.8
cryptomove-plugineqcryptomove-0.1.16
cryptomove-plugineqcryptomove-0.1.6
cryptomove-plugineqcryptomove-0.1.15

Name	Operator	Version
cryptomove-plugin	eq	cryptomove-0.1.20
cryptomove-plugin	eq	cryptomove-0.1.32
cryptomove-plugin	eq	cryptomove-0.1.17
cryptomove-plugin	eq	cryptomove-0.1.5
cryptomove-plugin	eq	cryptomove-0.1.2
cryptomove-plugin	eq	cryptomove-0.1.30
cryptomove-plugin	eq	cryptomove-0.1.8
cryptomove-plugin	eq	cryptomove-0.1.16
cryptomove-plugin	eq	cryptomove-0.1.6
cryptomove-plugin	eq	cryptomove-0.1.15