Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-43637

Arbitrary code execution vulnerability

    XMLWordPrintable

    Details

    • Similar Issues:

      Description

      According to https://jenkins.io/security/advisory/2017-04-10/ this plugin suffers from arbitrary code execution vulnerability.

        Attachments

          Activity

          Descending order - Click to sort in ascending order
          Hide
          Permalink
          scm_issue_link SCM/JIRA link daemon added a comment -

          Code changed in jenkins
          User: Daniel Spilker
          Path:
          docs/Home.md
          docs/Migration.md
          job-dsl-core/src/main/groovy/javaposse/jobdsl/dsl/helpers/publisher/PublisherContext.groovy
          job-dsl-core/src/test/groovy/javaposse/jobdsl/dsl/helpers/publisher/PublisherContextSpec.groovy
          http://jenkins-ci.org/commit/job-dsl-plugin/ef3a5831d774ef8597727ab7e9a5ef18904cf01e
          Log:
          Merge pull request #1097 from daspilker/JENKINS-43637

          Un-deprecated support for the PostBuildScript plugin

          Compare: https://github.com/jenkinsci/job-dsl-plugin/compare/465b8b79c22b...ef3a5831d774

          Show
          scm_issue_link SCM/JIRA link daemon added a comment - Code changed in jenkins User: Daniel Spilker Path: docs/Home.md docs/Migration.md job-dsl-core/src/main/groovy/javaposse/jobdsl/dsl/helpers/publisher/PublisherContext.groovy job-dsl-core/src/test/groovy/javaposse/jobdsl/dsl/helpers/publisher/PublisherContextSpec.groovy http://jenkins-ci.org/commit/job-dsl-plugin/ef3a5831d774ef8597727ab7e9a5ef18904cf01e Log: Merge pull request #1097 from daspilker/ JENKINS-43637 Un-deprecated support for the PostBuildScript plugin Compare: https://github.com/jenkinsci/job-dsl-plugin/compare/465b8b79c22b...ef3a5831d774
          Hide
          Permalink
          scm_issue_link SCM/JIRA link daemon added a comment -

          Code changed in jenkins
          User: Daniel Beck
          Path:
          src/main/resources/artifact-ignores.properties
          src/main/resources/warnings.json
          http://jenkins-ci.org/commit/backend-update-center2/63abf23d696ee85cff3c5121a1c4224213bd3eb6
          Log:
          Merge pull request #169 from dheid/master

          JENKINS-43637 Removed blacklisting from PostBuildScript plugin

          Compare: https://github.com/jenkins-infra/backend-update-center2/compare/bf2b908ebd12...63abf23d696e

          Show
          scm_issue_link SCM/JIRA link daemon added a comment - Code changed in jenkins User: Daniel Beck Path: src/main/resources/artifact-ignores.properties src/main/resources/warnings.json http://jenkins-ci.org/commit/backend-update-center2/63abf23d696ee85cff3c5121a1c4224213bd3eb6 Log: Merge pull request #169 from dheid/master JENKINS-43637 Removed blacklisting from PostBuildScript plugin Compare: https://github.com/jenkins-infra/backend-update-center2/compare/bf2b908ebd12...63abf23d696e
          Hide
          Permalink
          scm_issue_link SCM/JIRA link daemon added a comment -

          Code changed in jenkins
          User: Daniel Heid
          Path:
          src/main/resources/artifact-ignores.properties
          src/main/resources/warnings.json
          http://jenkins-ci.org/commit/backend-update-center2/c02dcbe2c40684f196fd118b3885770963dbc913
          Log:
          JENKINS-43637 Removed blacklisting from PostBuildScript plugin and customized update center warning

          Show
          scm_issue_link SCM/JIRA link daemon added a comment - Code changed in jenkins User: Daniel Heid Path: src/main/resources/artifact-ignores.properties src/main/resources/warnings.json http://jenkins-ci.org/commit/backend-update-center2/c02dcbe2c40684f196fd118b3885770963dbc913 Log: JENKINS-43637 Removed blacklisting from PostBuildScript plugin and customized update center warning
          Hide
          Permalink
          scm_issue_link SCM/JIRA link daemon added a comment -

          Code changed in jenkins
          User: Daniel Heid
          Path:
          .gitignore
          pom.xml
          src/main/java/org/jenkinsci/plugins/postbuildscript/PostBuildScript.java
          src/main/java/org/jenkinsci/plugins/postbuildscript/PostBuildScriptListener.java
          src/main/java/org/jenkinsci/plugins/postbuildscript/service/ScriptExecutor.java
          http://jenkins-ci.org/commit/postbuildscript-plugin/3d33744ba1c459beb8e6c46c1112ab236b18a699
          Log:
          Merge pull request #15 from dheid/master

          JENKINS-43637 Secures groovy script execution

          Compare: https://github.com/jenkinsci/postbuildscript-plugin/compare/cdceecee4243...3d33744ba1c4

          Show
          scm_issue_link SCM/JIRA link daemon added a comment - Code changed in jenkins User: Daniel Heid Path: .gitignore pom.xml src/main/java/org/jenkinsci/plugins/postbuildscript/PostBuildScript.java src/main/java/org/jenkinsci/plugins/postbuildscript/PostBuildScriptListener.java src/main/java/org/jenkinsci/plugins/postbuildscript/service/ScriptExecutor.java http://jenkins-ci.org/commit/postbuildscript-plugin/3d33744ba1c459beb8e6c46c1112ab236b18a699 Log: Merge pull request #15 from dheid/master JENKINS-43637 Secures groovy script execution Compare: https://github.com/jenkinsci/postbuildscript-plugin/compare/cdceecee4243...3d33744ba1c4
          Hide
          Permalink
          scm_issue_link SCM/JIRA link daemon added a comment -

          Code changed in jenkins
          User: Daniel Heid
          Path:
          src/main/java/org/jenkinsci/plugins/postbuildscript/service/ScriptExecutor.java
          http://jenkins-ci.org/commit/postbuildscript-plugin/a6e82abb5c5be6b5303f548bffc7ebbe9ae27d76
          Log:
          JENKINS-43637 Secures groovy script execution

          Show
          scm_issue_link SCM/JIRA link daemon added a comment - Code changed in jenkins User: Daniel Heid Path: src/main/java/org/jenkinsci/plugins/postbuildscript/service/ScriptExecutor.java http://jenkins-ci.org/commit/postbuildscript-plugin/a6e82abb5c5be6b5303f548bffc7ebbe9ae27d76 Log: JENKINS-43637 Secures groovy script execution
          Hide
          Permalink
          dheid Daniel Heid added a comment -

          Hi! I integrated the SecureGroovyScript class into the plugin to solve the mentioned vulnerability:

          https://github.com/jenkinsci/postbuildscript-plugin/pull/15

          Show
          dheid Daniel Heid added a comment - Hi! I integrated the SecureGroovyScript class into the plugin to solve the mentioned vulnerability: https://github.com/jenkinsci/postbuildscript-plugin/pull/15

            People

            Assignee:
            dheid Daniel Heid
            Reporter:
            jhack Giacomo Boccardo
            Votes:
            1 Vote for this issue
            Watchers:
            4 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved: