{ "threat_severity" : "Important", "public_date" : "2019-09-12T00:00:00Z", "bugzilla" : { "description" : "jenkins-git-client-plugin: OS command injection via 'git ls-remote'", "id" : "1819704", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1819704" }, "cvss3" : { "cvss3_base_score" : "8.8", "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "status" : "verified" }, "cwe" : "CWE-78", "details" : [ "Jenkins Git Client Plugin 2.8.4 and earlier and 3.0.0-rc did not properly restrict values passed as URL argument to an invocation of 'git ls-remote', resulting in OS command injection." ], "affected_release" : [ { "product_name" : "Red Hat OpenShift Container Platform 3.11", "release_date" : "2020-06-17T00:00:00Z", "advisory" : "RHSA-2020:2478", "cpe" : "cpe:/a:redhat:openshift:3.11::el7", "package" : "jenkins-2-plugins-0:3.11.1591354111-1.el7" }, { "product_name" : "Red Hat OpenShift Container Platform 4.1", "release_date" : "2020-03-12T00:00:00Z", "advisory" : "RHBA-2020:0690", "cpe" : "cpe:/a:redhat:openshift:4.1::el7", "package" : "atomic-enterprise-service-catalog-1:4.1.37-202003020601.git.0.5784dc4.el7" }, { "product_name" : "Red Hat OpenShift Container Platform 4.1", "release_date" : "2020-03-12T00:00:00Z", "advisory" : "RHBA-2020:0690", "cpe" : "cpe:/a:redhat:openshift:4.1::el7", "package" : "cri-o-0:1.13.12-6.dev.rhaos4.1.git8abaaeb.el7" }, { "product_name" : "Red Hat OpenShift Container Platform 4.1", "release_date" : "2020-03-12T00:00:00Z", "advisory" : "RHBA-2020:0690", "cpe" : "cpe:/a:redhat:openshift:4.1::el7", "package" : "jenkins-0:2.204.2.1583849753-1.el7" }, { "product_name" : "Red Hat OpenShift Container Platform 4.1", "release_date" : "2020-03-12T00:00:00Z", "advisory" : "RHBA-2020:0690", "cpe" : "cpe:/a:redhat:openshift:4.1::el7", "package" : "jenkins-2-plugins-0:4.1.1583850385-1.el7" }, { "product_name" : "Red Hat OpenShift Container Platform 4.1", "release_date" : "2020-03-12T00:00:00Z", "advisory" : "RHBA-2020:0690", "cpe" : "cpe:/a:redhat:openshift:4.1::el7", "package" : "openshift-0:4.1.37-202002280447.git.0.543873e.el7" }, { "product_name" : "Red Hat OpenShift Container Platform 4.1", "release_date" : "2020-03-12T00:00:00Z", "advisory" : "RHBA-2020:0690", "cpe" : "cpe:/a:redhat:openshift:4.1::el7", "package" : "openshift-ansible-0:4.1.37-202002280447.git.1.bb180eb.el7" }, { "product_name" : "Red Hat OpenShift Container Platform 4.1", "release_date" : "2020-03-12T00:00:00Z", "advisory" : "RHBA-2020:0690", "cpe" : "cpe:/a:redhat:openshift:4.1::el7", "package" : "podman-0:1.0.2-3.dev.git96ccc2e.el8_0" }, { "product_name" : "Red Hat OpenShift Container Platform 4.1", "release_date" : "2020-03-12T00:00:00Z", "advisory" : "RHBA-2020:0690", "cpe" : "cpe:/a:redhat:openshift:4.1::el7", "package" : "runc-0:1.0.0-63.rc8.rhaos4.1.git3cbe540.el8_0" }, { "product_name" : "Red Hat OpenShift Container Platform 4.1", "release_date" : "2020-03-12T00:00:00Z", "advisory" : "RHBA-2020:0690", "cpe" : "cpe:/a:redhat:openshift:4.1::el7", "package" : "skopeo-1:0.1.32-6.git1715c90.el8_0" }, { "product_name" : "Red Hat OpenShift Container Platform 4.2", "release_date" : "2020-02-25T00:00:00Z", "advisory" : "RHBA-2020:0522", "cpe" : "cpe:/a:redhat:openshift:4.2::el7", "package" : "atomic-enterprise-service-catalog-1:4.2.20-202002170402.git.1.159e2f5.el7" }, { "product_name" : "Red Hat OpenShift Container Platform 4.2", "release_date" : "2020-02-25T00:00:00Z", "advisory" : "RHBA-2020:0522", "cpe" : "cpe:/a:redhat:openshift:4.2::el7", "package" : "atomic-openshift-service-idler-0:4.2.20-202002170402.git.1.43218bc.el7" }, { "product_name" : "Red Hat OpenShift Container Platform 4.2", "release_date" : "2020-02-25T00:00:00Z", "advisory" : "RHBA-2020:0522", "cpe" : "cpe:/a:redhat:openshift:4.2::el7", "package" : "cri-o-0:1.14.12-19.dev.rhaos4.2.git313d784.el7" }, { "product_name" : "Red Hat OpenShift Container Platform 4.2", "release_date" : "2020-02-25T00:00:00Z", "advisory" : "RHBA-2020:0522", "cpe" : "cpe:/a:redhat:openshift:4.2::el7", "package" : "jenkins-0:2.204.1.1581951349-1.el7" }, { "product_name" : "Red Hat OpenShift Container Platform 4.2", "release_date" : "2020-02-25T00:00:00Z", "advisory" : "RHBA-2020:0522", "cpe" : "cpe:/a:redhat:openshift:4.2::el7", "package" : "jenkins-2-plugins-0:4.2.1581952573-1.el7" }, { "product_name" : "Red Hat OpenShift Container Platform 4.2", "release_date" : "2020-02-25T00:00:00Z", "advisory" : "RHBA-2020:0522", "cpe" : "cpe:/a:redhat:openshift:4.2::el7", "package" : "machine-config-daemon-0:4.2.20-202002170402.git.1.a83336a.el8" }, { "product_name" : "Red Hat OpenShift Container Platform 4.2", "release_date" : "2020-02-25T00:00:00Z", "advisory" : "RHBA-2020:0522", "cpe" : "cpe:/a:redhat:openshift:4.2::el7", "package" : "openshift-0:4.2.20-202002140432.git.0.47933cb.el7" }, { "product_name" : "Red Hat OpenShift Container Platform 4.2", "release_date" : "2020-02-25T00:00:00Z", "advisory" : "RHBA-2020:0522", "cpe" : "cpe:/a:redhat:openshift:4.2::el7", "package" : "openshift-ansible-0:4.2.20-202002140432.git.187.2308b53.el7" }, { "product_name" : "Red Hat OpenShift Container Platform 4.2", "release_date" : "2020-02-25T00:00:00Z", "advisory" : "RHBA-2020:0522", "cpe" : "cpe:/a:redhat:openshift:4.2::el7", "package" : "openshift-clients-0:4.2.20-202002140432.git.1.5dc67c9.el7" }, { "product_name" : "Red Hat OpenShift Container Platform 4.2", "release_date" : "2020-02-25T00:00:00Z", "advisory" : "RHBA-2020:0522", "cpe" : "cpe:/a:redhat:openshift:4.2::el7", "package" : "openshift-kuryr-0:4.2.20-202002140432.git.1.d9a72a5.el7" }, { "product_name" : "Red Hat OpenShift Container Platform 4.3", "release_date" : "2020-02-24T00:00:00Z", "advisory" : "RHBA-2020:0527", "cpe" : "cpe:/a:redhat:openshift:4.3::el7", "package" : "atomic-enterprise-service-catalog-1:4.3.3-202002170501.git.1.f30799e.el7" }, { "product_name" : "Red Hat OpenShift Container Platform 4.3", "release_date" : "2020-02-24T00:00:00Z", "advisory" : "RHBA-2020:0527", "cpe" : "cpe:/a:redhat:openshift:4.3::el7", "package" : "atomic-openshift-service-idler-0:4.3.3-202002170501.git.1.4feff9c.el7" }, { "product_name" : "Red Hat OpenShift Container Platform 4.3", "release_date" : "2020-02-24T00:00:00Z", "advisory" : "RHBA-2020:0527", "cpe" : "cpe:/a:redhat:openshift:4.3::el7", "package" : "cri-o-0:1.16.3-22.dev.rhaos4.3.git11c04e3.el8" }, { "product_name" : "Red Hat OpenShift Container Platform 4.3", "release_date" : "2020-02-24T00:00:00Z", "advisory" : "RHBA-2020:0527", "cpe" : "cpe:/a:redhat:openshift:4.3::el7", "package" : "cri-tools-0:1.17.0-1.el8" }, { "product_name" : "Red Hat OpenShift Container Platform 4.3", "release_date" : "2020-02-24T00:00:00Z", "advisory" : "RHBA-2020:0527", "cpe" : "cpe:/a:redhat:openshift:4.3::el7", "package" : "dracut-0:049-64.git20200123.el8" }, { "product_name" : "Red Hat OpenShift Container Platform 4.3", "release_date" : "2020-02-24T00:00:00Z", "advisory" : "RHBA-2020:0527", "cpe" : "cpe:/a:redhat:openshift:4.3::el7", "package" : "jenkins-0:2.204.1.1581950993-1.el7" }, { "product_name" : "Red Hat OpenShift Container Platform 4.3", "release_date" : "2020-02-24T00:00:00Z", "advisory" : "RHBA-2020:0527", "cpe" : "cpe:/a:redhat:openshift:4.3::el7", "package" : "jenkins-2-plugins-0:4.3.1581956184-1.el7" }, { "product_name" : "Red Hat OpenShift Container Platform 4.3", "release_date" : "2020-02-24T00:00:00Z", "advisory" : "RHBA-2020:0527", "cpe" : "cpe:/a:redhat:openshift:4.3::el7", "package" : "machine-config-daemon-0:4.3.3-202002170501.git.1.6b1b155.el8" }, { "product_name" : "Red Hat OpenShift Container Platform 4.3", "release_date" : "2020-02-24T00:00:00Z", "advisory" : "RHBA-2020:0527", "cpe" : "cpe:/a:redhat:openshift:4.3::el7", "package" : "openshift-0:4.3.3-202002140552.git.0.e38059c.el8" }, { "product_name" : "Red Hat OpenShift Container Platform 4.3", "release_date" : "2020-02-24T00:00:00Z", "advisory" : "RHBA-2020:0527", "cpe" : "cpe:/a:redhat:openshift:4.3::el7", "package" : "openshift-ansible-0:4.3.3-202002142331.git.173.bb0b5a1.el7" }, { "product_name" : "Red Hat OpenShift Container Platform 4.3", "release_date" : "2020-02-24T00:00:00Z", "advisory" : "RHBA-2020:0527", "cpe" : "cpe:/a:redhat:openshift:4.3::el7", "package" : "openshift-clients-0:4.3.3-202002140552.git.1.ff73b47.el7" }, { "product_name" : "Red Hat OpenShift Container Platform 4.3", "release_date" : "2020-02-24T00:00:00Z", "advisory" : "RHBA-2020:0527", "cpe" : "cpe:/a:redhat:openshift:4.3::el7", "package" : "openshift-kuryr-0:4.3.3-202002170501.git.1.3b8b4cc.el8" }, { "product_name" : "Red Hat OpenShift Container Platform 4.3", "release_date" : "2020-02-24T00:00:00Z", "advisory" : "RHBA-2020:0527", "cpe" : "cpe:/a:redhat:openshift:4.3::el7", "package" : "slirp4netns-0:0.4.2-4.git21fdece.el8" }, { "product_name" : "Red Hat OpenShift Container Platform 4.3", "release_date" : "2020-02-24T00:00:00Z", "advisory" : "RHBA-2020:0527", "cpe" : "cpe:/a:redhat:openshift:4.3::el7", "package" : "toolbox-0:0.0.6-1.rhaos4.3.el8" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2019-10392\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-10392\nhttps://jenkins.io/security/advisory/2019-09-12/#SECURITY-1534" ], "name" : "CVE-2019-10392", "csaw" : false }