CVE-2020-2261
maven/io.jenkins.plugins/perfecto
OS Command Injection
Jenkins Perfecto Plugin executes a command on the Jenkins controller, allowing attackers with Job/Configure permission to run arbitrary commands on the Jenkins controller
All versions up to 1.17
Unfortunately, there is no solution available yet.
2020-09-21
source |