'; } else{ echo ''; } echo 'Hillstone Networks'; } elseif ($_SERVER[HTTP_HOST] == "update1.huaantech.com.cn") { echo ''; echo 'huaantech'; } elseif ($_SERVER[HTTP_HOST] == "update1.dcnetworks.com.cn") { echo ''; echo 'dcnetworks'; } elseif ($_SERVER[HTTP_HOST] == "update1.w-ibeda.com") { if (false===strpos($_SERVER[REQUEST_URI],"/en/")) echo ''; else echo ''; echo 'w-ibeda'; } elseif ($_SERVER[HTTP_HOST] == "update1.hp-telecom.com") { echo ''; echo 'hp-telecom'; } elseif ($_SERVER[HTTP_HOST] == "update1.maipu.com") { echo ''; echo 'Maipu'; } elseif ($_SERVER[HTTP_HOST] == "update1.ncurity.com") { echo ''; echo 'Ncurity'; } elseif ($_SERVER[HTTP_HOST] == "update1.socusnetwork.com") { echo ''; echo 'Socusnetwork'; } else{ echo ''; echo 'Hillstone Networks'; } ?>
 
   
 

vul_app:jenkins_git_client_rce_vul(Rule ID:1070210201)

Release Date2025/9/15

Rule NameCVE-2019-10392: Jenkins Git Client Remote Code Execution Vulnerability

Severity:high

CVE IDCVE-2019-10392

 

Descripiton

Cloudbees Jenkins (Hudson Labs) is a set of Java-based continuous integration tools in CLOUDBEES. This product is mainly used to monitor continuous software versions publish / test items and some timing execution tasks. Git Client Plugin is a GIT client plugin in it. Cloudbees Jenkins Git Client Plugin 2.8.4 and previous versions There is an operating system command injecting vulnerability. An attacker can use this vulnerability to perform an operating system command. This rule supports to defend the A6: Vulnerable and Outdated Components of OWASP Top 10 - 2021.
Other reference:None

 

Solution

Update vendor patches.