PT-2019-11776 · Jenkins · Jenkins Simple Travis Pipeline Runner Plugin +1

Jesse Glick · Published 2019-08-07 · Updated 2023-10-25 · CVE-2019-10380

CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Jenkins Simple Travis Pipeline Runner Plugin versions 1.0 and earlier

Description
The issue allows attackers to execute arbitrary code by bypassing the Script Security sandbox protection. The plugin ships a custom Script Security whitelist of pre-approved signatures for scripts run inside the sandbox, and that list includes unsafe entries: methods that can be used to escape the sandbox. Any user who can submit a sandboxed script to a Jenkins instance with this plugin installed can therefore achieve arbitrary code execution.
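As an added example (not code from the advisory or from the plugin), the following Python audits a Script Security whitelist resource for the kind of unsafe entries described above, flagging signatures whose class grants reflection, class loading, dynamic Groovy dispatch, process execution or access to Jenkins internals. The whitelist line format follows the Script Security plugin's static whitelist files; the sample entries are constructed for illustration and are not the plugin's real resource.

```python
# Audit a Script Security whitelist resource. Each line is one signature:
# "method <class> <name> [params...]", "staticMethod ...", "new <class> [params...]",
# "field <class> <name>", "staticField <class> <name>"; '#' starts a comment.
import re

# Classes whose members let a sandboxed script escape. These are review
# categories, not an exhaustive list of every unsafe signature.
DANGEROUS = {
    "reflection": re.compile(r"^java\.lang\.reflect\."),
    "class-loading": re.compile(r"^java\.lang\.(Class|ClassLoader)$"),
    "dynamic-dispatch": re.compile(r"^groovy\.lang\.(GroovyObject|MetaClass|GroovyShell)$"),
    "process-execution": re.compile(r"^java\.lang\.(Runtime|ProcessBuilder)$"),
    "jenkins-internals": re.compile(r"^(jenkins\.model\.Jenkins|hudson\.model\.Hudson)$"),
}

def parse_line(raw):
    """Return (kind, class, member) or None for a blank/comment line."""
    line = raw.split("#", 1)[0].strip()
    if not line:
        return None
    parts = line.split()
    if parts[0] == "new" and len(parts) >= 2:
        return parts[0], parts[1], "<init>"
    if len(parts) < 3:
        raise ValueError(f"malformed whitelist line: {raw!r}")
    return parts[0], parts[1], parts[2]

def audit_whitelist(text):
    """Return [(line_no, signature, category)] for every risky entry."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        parsed = parse_line(raw)
        if parsed is None:
            continue
        cls = parsed[1]
        category = next((c for c, pat in DANGEROUS.items() if pat.search(cls)), None)
        if category:
            findings.append((no, raw.strip(), category))
    return findings

# Constructed sample whitelist mixing harmless helpers with unsafe entries.
SAMPLE = """\
# constructed example, not the plugin's real resource file
method java.lang.String trim
staticMethod java.lang.Math max int int
method java.lang.Class getMethod java.lang.String java.lang.Class[]
method java.lang.reflect.Method invoke java.lang.Object java.lang.Object[]
method groovy.lang.GroovyObject invokeMethod java.lang.String java.lang.Object
staticMethod jenkins.model.Jenkins getInstance
"""

if __name__ == "__main__":
    print(*(f"line {n}: {c}: {s}" for n, s, c in audit_whitelist(SAMPLE)), sep="\n")
```

Any hit in a plugin-contributed whitelist deserves the same scrutiny as an administrator approving that signature by hand, since the sandbox is only as strong as the weakest approved entry.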
Recommendations
For Jenkins Simple Travis Pipeline Runner Plugin versions 1.0 and earlier, at the moment there is no information about a newer version that contains a fix for this vulnerability.

Related Identifiers

CVE-2019-10380
GHSA-X7P9-VX6V-WV84

Affected Products

Jenkins
Jenkins Simple Travis Pipeline Runner Plugin