Date: Thu, 25 Jan 2018 09:58:09 +0100
From: Daniel Beck <ml@...kweb.net>
To: oss-security@...ts.openwall.com
Subject: Re: Jenkins EC2 Plugin 1.37 and earlier arbitrary shell command execution

> On 6. Dec 2017, at 14:37, Daniel Beck <ml@...kweb.net> wrote:
>
> SECURITY-643
> Users with permission to create or configure agents in Jenkins could
> configure an EC2 agent to run arbitrary shell commands on the master node
> whenever the agent was supposed to be launched.
>
> Configuration of these agents now requires the 'Run Scripts' permission
> typically only granted to administrators.

CVE-2017-1000502