Lucene search
China National Vulnerability DatabaseCNVD-2022-16728HistoryMar 04, 2022 - 12:00 a.m.
Jenkins Pipeline Shared Groovy Libraries Plugin Arbitrary File Read Vulnerability
2022-03-0400:00:00
China National Vulnerability Database
www.cnvd.org.cn
8
0.001 Low
EPSS
Percentile
28.6%
Jenkins is a Jenkins open source application. An open source automation server Jenkins provides hundreds of plugins to support building, deploying and automating any project.Jenkins Pipeline Shared Groovy Libraries Plugin 552.vd9cc05b8a2e1 and earlier versions have an arbitrary file read vulnerability that stems from sharing Groovy Libraries Plugin does not restrict the resource names passed to the libraryResource step. An attacker could use this vulnerability to configure pipeline permissions to read arbitrary files on the Jenkins controller file system.
Related
veracode
veracode
Symbolic Link
2022-04-21 00:42:47
github
github
prion
prion
Design/Logic Flaw
2022-02-15 17:15:00
cvelist
cvelist
CVE-2022-25177
2022-02-15 16:10:56
cve
cve
CVE-2022-25177
2022-02-15 17:15:08
nvd
nvd
CVE-2022-25177
2022-02-15 17:15:08
redhatcve
redhatcve
CVE-2022-25177
2022-02-17 16:52:36
alpinelinux
alpinelinux
CVE-2022-25177
2022-02-15 17:15:08
osv
osv
nessus
nessus
RHEL 8 : OpenShift Container Platform 4.10.6 (RHSA-2022:1025)
2022-03-29 00:00:00
RHEL 7 / 8 : OpenShift Container Platform 4.6.57 (RHSA-2022:1620)
2022-05-04 00:00:00
RHEL 8 : OpenShift Container Platform 4.9.26 (RHSA-2022:1021)
2022-03-29 00:00:00
redhat
redhat