Jenkins: >> Debian Package Builder >> 1.5.0 Security Vulnerabilities
Jenkins Debian Package Builder Plugin 1.6.11 and earlier implements functionality that allows agents to invoke command-line `git` at an attacker-specified path on the controller, allowing attackers able to control agent processes to invoke arbitrary OS commands on the controller.
CVSS Score
8.8
EPSS Score
0.055
Published
2022-01-12
Jenkins Debian Package Builder Plugin 1.6.11 and earlier stores a GPG passphrase unencrypted in its global configuration file on the Jenkins master where it can be viewed by users with access to the master file system.
CVSS Score
4.3
EPSS Score
0.0
Published
2020-02-12