CVE-2020-2200

Summary

Jenkins Play Framework Plugin 1.0.2 and earlier lets users specify the path to the play command on the Jenkins master for a form validation endpoint, resulting in an OS command injection vulnerability exploitable by users able to store such a file on the Jenkins master.

Affected Software

VendorProductVersion RangeStatus
Jenkins projectJenkins Play Framework Pluginunspecified <= 1.0.2affected
Jenkins projectJenkins Play Framework Pluginnext of 1.0.2 < unspecifiedunknown

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

References