GHSA-h5mv-fv98-gqmq

GitHub Security Advisory

OS command injection vulnerability in Jenkins Play Framework Plugin

✓ GitHub Reviewed HIGH Has CVE

Advisory Details

A form validation endpoint in Play Framework Plugin executes the `play` command to validate a given input file.

Play Framework Plugin 1.0.2 and earlier lets users specify the path to the `play` command on the Jenkins controller. This results in an OS command injection vulnerability exploitable by users able to store such a file on the Jenkins controller (e.g. through archiving artifacts).

Affected Packages

Maven org.jenkins-ci.plugins:play-autotest-plugin
Affected versions: 0 (last affected: 1.0.2)

Key Information

GHSA ID: GHSA-h5mv-fv98-gqmq
Published: May 24, 2022 5:19 PM
Last Modified: December 21, 2022 4:23 PM
CVSS Score: 7.5 / 10
Primary Ecosystem: Maven
Primary Package: org.jenkins-ci.plugins:play-autotest-plugin
GitHub Reviewed: ✓ Yes

Dataset

Last updated: August 27, 2025 6:31 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.