GHSA-p5x5-jg3j-2jcj

GitHub Security Advisory

OS command injection in CryptoMove Plugin

✓ GitHub Reviewed HIGH Has CVE

Advisory Details

CryptoMove Plugin 0.1.33 and earlier allows an OS command to be configured as part of its build step configuration. This command is executed on the Jenkins controller as the OS user account running Jenkins, allowing users with Job/Configure permission to execute an arbitrary OS command on the Jenkins controller.

Affected Packages

Maven io.jenkins.plugins:cryptomove
Affected versions: 0 (last affected: 0.1.33)

Related CVEs

Key Information

GHSA ID: GHSA-p5x5-jg3j-2jcj
Published: May 24, 2022 5:10 PM
Last Modified: January 5, 2023 9:09 PM
CVSS Score: 7.5/10
Primary Ecosystem: Maven
Primary Package: io.jenkins.plugins:cryptomove
GitHub Reviewed: ✓ Yes

Dataset

Last updated: August 27, 2025 6:31 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.