Lucene search
GoogleOSV:GHSA-7RCW-FWFH-2H2GHistoryFeb 16, 2022 - 12:01 a.m.
Jenkins Pipeline: Deprecated Groovy Libraries Plugin Protection Mechanism Failure
2022-02-1600:01:31
Google
osv.dev
15
0.001 Low
EPSS
Percentile
43.0%
Jenkins Pipeline: Deprecated Groovy Libraries Plugin 552.vd9cc05b8a2e1 and earlier uses the names of Pipeline libraries to create directories without canonicalization or sanitization.
This allows attackers with Item/Configure permission to execute arbitrary code in the context of the Jenkins controller JVM using specially crafted library names if a global Pipeline library is already configured.
Pipeline: Deprecated Groovy Libraries Plugin 561.va_ce0de3c2d69 sanitizes the names of Pipeline libraries when creating library directories.
Related
cve
cve
CVE-2022-25182
2022-02-15 17:15:09
nvd
nvd
CVE-2022-25182
2022-02-15 17:15:09
alpinelinux
alpinelinux
CVE-2022-25182
2022-02-15 17:15:09
github
github
redhatcve
redhatcve
CVE-2022-25182
2022-02-17 16:52:53
veracode
veracode
Remote Code Execution (RCE)
2022-04-21 00:42:55
prion
prion
Security feature bypass
2022-02-15 17:15:00
cvelist
cvelist
CVE-2022-25182
2022-02-15 16:11:05
nessus
nessus
RHEL 8 : OpenShift Container Platform 4.10.6 (RHSA-2022:1025)
2022-03-29 00:00:00
RHEL 7 / 8 : OpenShift Container Platform 4.6.57 (RHSA-2022:1620)
2022-05-04 00:00:00
RHEL 8 : OpenShift Container Platform 4.7.48 (RHSA-2022:1248)
2022-04-13 00:00:00
redhat
redhat