Jenkins Selection tasks Plugin 1.0 and earlier executes a user-specified program on the Jenkins controller, allowing attackers with Job/Configure permission to execute an arbitrary system command on the Jenkins controller as the OS user that the Jenkins process is running as.

Affected Packages

Maven org.jvnet.hudson.plugins:selection-tasks-plugin

Affected versions: 0 (last affected: 1.0)

Related CVEs

CVE-2020-2276

Key Information

GHSA ID

GHSA-79h8-7735-v3f9

Published

May 24, 2022 5:28 PM

Last Modified

December 28, 2022 10:49 PM

CVSS Score

7.5 /10

Primary Ecosystem

Maven

Primary Package

org.jvnet.hudson.plugins:selection-tasks-plugin

GitHub Reviewed

✓ Yes

Dataset

Last updated: August 25, 2025 6:33 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.