Vulnerability Information
Vulnerability Title
N/A
Vulnerability Description
Jenkins Katalon Plugin 1.0.32 and earlier implements an agent/controller message that does not limit where it can be executed and allows invoking Katalon with configurable arguments, allowing attackers able to control agent processes to invoke Katalon on the Jenkins controller with attacker-controlled version, install location, and arguments, and attackers additionally able to create files on the Jenkins controller (e.g., attackers with Item/Configure permission could archive artifacts) to invoke arbitrary OS commands.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Jenkins Katalon Plugin Security Vulnerability
Vulnerability Description
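Jenkins and Jenkins Plugin are both open-source products of Jenkins. Jenkins is an application. Jenkins, an open-source automation server, provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is an application. Jenkins Katalon Plugin 1.0.32 and earlier contain a security vulnerability. The vulnerability stems from an agent/controller message that does not limit where it can be executed and allows invoking Katalon with configurable arguments; attackers able to control agent processes can invoke Katalon on the Jenkins controller with an attacker-controlled version, install location, and arguments,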
CVSS Information
N/A
Vulnerability Type
N/A