Jenkins Azure CLI Plugin 0.9 and earlier does not restrict which commands it executes on the Jenkins controller, allowing attackers with Item/Configure permission to execute arbitrary shell commands.
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| org.jenkins-ci.plugins:azure-cli(Maven) | 0 | N/A | N/A |
CVSS Metrics
