{"id":"CVE-2019-10392","details":"Jenkins Git Client Plugin 2.8.4 and earlier and 3.0.0-rc did not properly restrict values passed as URL argument to an invocation of 'git ls-remote', resulting in OS command injection.","aliases":["GHSA-hw6x-2qwv-rxr7"],"modified":"2026-05-18T13:11:29.062501Z","published":"2019-09-12T14:15:11.257Z","references":[{"type":"ADVISORY","url":"http://www.openwall.com/lists/oss-security/2019/09/12/2"},{"type":"ADVISORY","url":"https://jenkins.io/security/advisory/2019-09-12/#SECURITY-1534"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/jenkinsci/git-client-plugin","events":[{"introduced":"0"},{"last_affected":"72add81da4cbeabc95504ebdb9007d47ac1c2b0b"},{"last_affected":"90cada592aa14509afd67d58c23449f5363dae22"}],"database_specific":{"extracted_events":[{"introduced":"0"},{"last_affected":"2.8.4"},{"last_affected":"3.0.0-rc"}],"source":"CPE_FIELD","cpe":["cpe:2.3:a:jenkins:git_client:*:*:*:*:*:jenkins:*:*","cpe:2.3:a:jenkins:git_client:3.0.0:rc:*:*:*:jenkins:*:*"]}}],"versions":["git-client-2.8.4","git-client-2.8.3","git-client-2.8.2","git-client-2.8.1","git-client-2.8.0","git-client-2.7.7","git-client-3.0.0-rc","git-client-2.7.6","git-client-2.7.5","git-client-2.7.4","git-client-3.0.0-beta5","git-client-3.0.0-beta4","git-client-2.7.3","git-client-3.0.0-beta3","git-client-2.7.2","git-client-3.0.0-beta2","git-client-3.0.0-beta1","git-client-2.7.1","git-client-2.7.0","git-client-2.6.0","git-client-2.5.0","git-client-2.4.6","git-client-2.4.5","git-client-2.4.4","git-client-2.4.3","git-client-2.4.2","git-client-2.4.1","git-client-2.4.0","git-client-2.3.0","git-client-2.2.1","git-client-2.2.0","git-client-2.1.0","git-client-1.21.0","git-client-1.20.2","git-client-1.20.1","git-client-1.20.0","git-client-1.19.7","git-client-1.19.6","git-client-1.19.5","git-client-1.19.4","git-client-1.19.3","git-client-1.19.2","git-client-1.19.1","git-client-1.19.0","git-client-1.18.0","git-client-1.16.1","git-client-1.17.0","git-client-1.16.0","git-client-1.15.0","git-client-1.14.1","git-client-1.14.0","git-client-1.13.0","git-client-1.12.0","git-client-1.11.1","git-client-1.11.0","git-client-1.10.2","git-client-1.10.1","git-client-1.10.0","git-client-1.9.2","git-client-1.9.1","git-client-1.9.0","git-client-1.8.1","git-client-1.8.0","git-client-1.7.0","git-client-1.6.6","git-client-1.6.5","git-client-1.6.4","git-client-1.6.3","git-client-1.6.2","git-client-1.6.1","git-client-1.6.0","git-client-1.5.1","git-client-1.5.0","git-client-1.4.4","git-client-1.4.3","git-client-1.4.2","git-client-1.4.1","git-client-1.4.0","git-client-1.3.0","git-client-1.2.0","git-client-1.1.2","git-client-1.1.1","git-client-1.1","git-client-1.0.6","git-client-1.0.4","git-client-1.0.5","git-client-1.0.2","git-client-1.0.1","git-client-1.0.0"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-10392.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}