
CVE-2020-2200: OS command injection vulnerability in Jenkins Play Framework Plugin

CVSS Score: 8.8 (CVSS v3.1)

Basic Information

EPSS Score: 0.85219%
Published: 5/24/2022
Updated: 1/29/2023
KEV Status: No
Technology: Java

Technical Details

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Package Name                                  Ecosystem   Vulnerable Versions   First Patched Version
org.jenkins-ci.plugins:play-autotest-plugin   maven       <= 1.0.2

Vulnerability Intelligence
Root Cause Analysis (Miggo AI)

The vulnerability stems from a form validation endpoint that executes the 'play' command from a user-specified path. Jenkins plugin form validation methods typically follow the doCheck[FieldName] pattern in DescriptorImpl classes. The exposure arises when an OS command is built from unvalidated user input (CWE-78). The descriptor method that validates the 'play command path' field would be responsible for constructing and executing the validation command, which makes it the likely injection point. Confidence is high because the vulnerability description matches the common Jenkins plugin implementation pattern for form validation.
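The doCheck pattern described above, shown as an added illustration that is not code from the plugin or from Miggo: the weak form hands the submitted path straight to the OS, while the hardened form requires Overall/Administer and inspects the path without ever running it. The class, method and field names, and the `version` argument, are assumptions.

```java
import hudson.util.FormValidation;
import jenkins.model.Jenkins;
import org.kohsuke.stapler.QueryParameter;

import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.InvalidPathException;
import java.nio.file.Path;
import java.nio.file.Paths;

/** Constructed illustration of a Jenkins doCheck validator; not the plugin's own code. */
public class PlayPathValidation {

    // Weak pattern (CWE-78): whatever path the form submits is launched on the controller,
    // so any user who can reach the endpoint chooses which binary runs. Argument is illustrative.
    public static FormValidation doCheckPlayPathWeak(@QueryParameter String value) {
        try {
            Process p = new ProcessBuilder(value, "version").start();
            return p.waitFor() == 0 ? FormValidation.ok()
                                    : FormValidation.error("play returned a non-zero exit code");
        } catch (IOException | InterruptedException e) {
            return FormValidation.error("Could not run play: " + e.getMessage());
        }
    }

    // Hardened pattern: gate the probe behind Administer, normalise and inspect the path,
    // and never execute anything from a form validation request.
    public static FormValidation doCheckPlayPath(@QueryParameter String value) {
        Jenkins.get().checkPermission(Jenkins.ADMINISTER);
        if (value == null || value.trim().isEmpty()) {
            return FormValidation.ok(); // empty means "resolve play on PATH at build time"
        }
        Path path;
        try {
            path = Paths.get(value.trim()).toAbsolutePath().normalize();
        } catch (InvalidPathException e) {
            return FormValidation.error("Not a valid file system path");
        }
        if (!Files.isRegularFile(path)) {
            return FormValidation.error("No such file on the controller: " + path);
        }
        if (!Files.isExecutable(path)) {
            return FormValidation.error("File is not executable: " + path);
        }
        String name = path.getFileName().toString();
        if (!name.equals("play") && !name.equals("play.bat")) {
            return FormValidation.warning("Expected the play launcher, found " + name);
        }
        return FormValidation.ok();
    }
}
```

Whether the path actually works is confirmed later, inside the build step, where the command runs with the job's own privileges rather than from a controller-side HTTP endpoint.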

WAF Protection Rules

WAF Rule

A form validation endpoint in Play Framework Plugin executes the `play` command to validate a given input file. Play Framework Plugin 1.0.2 and earlier lets users specify the path to the `play` command on the Jenkins controller. This results in an O
