Russian Vulnerability Scanner Database

Back to List

CVE-2019-10392

Scores

EPSS

0.808high80.8%
0%20%40%60%80%100%

Percentile: 80.8%

CVSS

8.8high3.x
0246810

CVSS Score: 8.8/10

All CVSS Scores

CVSS 3.x
8.8

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS 2.0
6.5

Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

Description

Jenkins Git Client Plugin 2.8.4 and earlier and 3.0.0-rc did not properly restrict values passed as URL argument to an invocation of ‘git ls-remote’, resulting in OS command injection.

Scaner-VS 7 — a modern vulnerability management solution

Uses this database for vulnerability detection. High-speed search, cross-platform, advanced configuration audit, and flexible filtering. Suitable for organizations of any size.
Learn more about Scaner-VS 7

Sources

nvdredhat

CWEs

CWE-78

Exploits

Exploit ID: CVE-2019-10392

Source: github-poc

URL: https://github.com/shoucheng3/jenkinsci__git-client-plugin_CVE-2019-10392_2-8-4

Vulnerable Software (35)

Type: Configuration

Product: atomic-enterprise-service-catalog

Operating System: rhel

Trait: 
{  "fixed": "4.1.37-202003020601.git.0.5784dc4.el7"}

Source: redhat

Type: Configuration

Product: atomic-enterprise-service-catalog

Operating System: rhel

Trait: 
{  "fixed": "4.2.20-202002170402.git.1.159e2f5.el7"}

Source: redhat

Type: Configuration

Product: atomic-enterprise-service-catalog

Operating System: rhel

Trait: 
{  "fixed": "4.3.3-202002170501.git.1.f30799e.el7"}

Source: redhat

Type: Configuration

Product: atomic-openshift-service-idler

Operating System: rhel

Trait: 
{  "fixed": "4.2.20-202002170402.git.1.43218bc.el7"}

Source: redhat

Type: Configuration

Product: atomic-openshift-service-idler

Operating System: rhel

Trait: 
{  "fixed": "4.3.3-202002170501.git.1.4feff9c.el7"}

Source: redhat

Type: Configuration

Product: cri-o

Operating System: rhel

Trait: 
{  "fixed": "1.13.12-6.dev.rhaos4.1.git8abaaeb.el7"}

Source: redhat

Type: Configuration

Product: cri-o

Operating System: rhel

Trait: 
{  "fixed": "1.14.12-19.dev.rhaos4.2.git313d784.el7"}

Source: redhat

Type: Configuration

Product: cri-o

Operating System: rhel

Trait: 
{  "fixed": "1.16.3-20.dev.rhaos4.3.git11c04e3.el7"}

Source: redhat

Type: Configuration

Product: cri-tools

Operating System: rhel

Trait: 
{  "fixed": "1.17.0-1.el8"}

Source: redhat

Type: Configuration

Product: dracut

Operating System: rhel

Trait: 
{  "fixed": "049-64.git20200123.el8"}

Source: redhat

Type: Configuration

Product: jenkins

Operating System: rhel

Trait: 
{  "fixed": "2.204.2.1583849753-1.el7"}

Source: redhat

Type: Configuration

Product: jenkins

Operating System: rhel

Trait: 
{  "fixed": "2.204.1.1581951349-1.el7"}

Source: redhat

Type: Configuration

Product: jenkins

Operating System: rhel

Trait: 
{  "fixed": "2.204.1.1581950993-1.el7"}

Source: redhat

Type: Configuration

Product: jenkins-2-plugins

Operating System: rhel

Trait: 
{  "fixed": "3.11.1591354111-1.el7"}

Source: redhat

Type: Configuration

Product: jenkins-2-plugins

Operating System: rhel

Trait: 
{  "fixed": "4.1.1583850385-1.el7"}

Source: redhat

Type: Configuration

Product: jenkins-2-plugins

Operating System: rhel

Trait: 
{  "fixed": "4.2.1581952573-1.el7"}

Source: redhat

Type: Configuration

Product: jenkins-2-plugins

Operating System: rhel

Trait: 
{  "fixed": "4.3.1581956184-1.el7"}

Source: redhat

Type: Configuration

Product: machine-config-daemon

Operating System: rhel

Trait: 
{  "fixed": "4.2.20-202002170402.git.1.a83336a.el8"}

Source: redhat

Type: Configuration

Product: machine-config-daemon

Operating System: rhel

Trait: 
{  "fixed": "4.3.3-202002170501.git.1.6b1b155.el8"}

Source: redhat

Type: Configuration

Product: openshift

Operating System: rhel

Trait: 
{  "fixed": "4.2.20-202002140432.git.0.47933cb.el7"}

Source: redhat