Lucene search
JenkinsCVELIST:CVE-2022-25176HistoryFeb 15, 2022 - 4:10 p.m.
CVE-2022-25176
2022-02-1516:10:55
jenkins
www.cve.org
6
jenkins
pipeline
groovy
plugin
vulnerability
arbitrary files
Jenkins Pipeline: Groovy Plugin 2648.va9433432b33c and earlier follows symbolic links to locations outside of the checkout directory for the configured SCM when reading the script file (typically Jenkinsfile) for Pipelines, allowing attackers able to configure Pipelines to read arbitrary files on the Jenkins controller file system.
CNA Affected
[
{
"product": "Jenkins Pipeline: Groovy Plugin",
"vendor": "Jenkins project",
"versions": [
{
"lessThanOrEqual": "2648.va9433432b33c",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "2.94.1"
},
{
"status": "unaffected",
"version": "2.92.1"
}
]
}
]Related
prion
prion
Design/Logic Flaw
2022-02-15 17:15:00
cve
cve
CVE-2022-25176
2022-02-15 17:15:08
alpinelinux
alpinelinux
CVE-2022-25176
2022-02-15 17:15:08
github
github
osv
osv
nvd
nvd
CVE-2022-25176
2022-02-15 17:15:08
redhatcve
redhatcve
CVE-2022-25176
2022-02-17 16:38:20
veracode
veracode
Privilege Escalation
2022-04-21 00:42:40
nessus
nessus
RHEL 8 : OpenShift Container Platform 4.7.48 (RHSA-2022:1248)
2022-04-13 00:00:00
RHEL 8 : OpenShift Container Platform 4.9.26 (RHSA-2022:1021)
2022-03-29 00:00:00
RHEL 7 : OpenShift Container Platform 3.11.685 (RHSA-2022:1420)
2022-04-27 00:00:00
redhat
redhat