Jenkins Azure CLI Plugin Shell Command Injection Vulnerability

Vulnerability

A shell command injection vulnerability exists in the Jenkins Azure CLI Plugin in versions through 0.9. The plugin does not properly restrict the commands executed on the Jenkins controller. This flaw allows attackers with Item/Configure permission to execute arbitrary shell commands on the controller.

Impact

Exploitation of this vulnerability could lead to unauthorized execution of shell commands on the Jenkins controller, potentially allowing attackers to manipulate the system or access sensitive information.

Added: Oct 29, 2025, 2:27 PM
Updated: Oct 29, 2025, 2:27 PM

Vulnerability Rating

Custom Algorithm

spread: 4.5
impact: 7.5
exploitability: 4.9
remediation: 0.0
relevance: 0.9
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.