Signature Detail

This site is deprecated. Please CLICK HERE for latest updates

Short Name	HTTP:CTS:JENKINS-GIT-RCE
Severity	Minor
Recommended	Yes
Recommended Action	Drop
Category	HTTP
Keywords	Jenkins Git Client Remote Command Execution
Release Date	2019/11/28
Update Number	3228
Supported Platforms	idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+

HTTP: Jenkins Git Client Remote Command Execution

This signature detects attempts to exploit a known vulnerability against Git Client plugin of Jenkins CI. A successful attack can lead to arbitrary code execution.

Extended Description

Jenkins Git Client Plugin 2.8.4 and earlier and 3.0.0-rc did not properly restrict values passed as URL argument to an invocation of 'git ls-remote', resulting in OS command injection.

Affected Products

Jenkins git_client 2.8.4
Jenkins git_client 3.0.0

References

CVE: CVE-2019-10392
URL: https://jenkins.io/security/advisory/2019-09-12/

Signature Detail

This site is deprecated. Please CLICK HERE for latest updates

Short Name

Severity

Recommended

Recommended Action

Category

Keywords

Release Date

Update Number

Supported Platforms

HTTP: Jenkins Git Client Remote Command Execution

Extended Description

Affected Products

References