Lucene search
GoogleOSV:GHSA-7W2W-FWPF-9M4HHistoryFeb 16, 2022 - 12:01 a.m.
Jenkins Pipeline: Deprecated Groovy Libraries Plugin Protection Mechanism Failure
2022-02-1600:01:32
Google
osv.dev
12
0.001 Low
EPSS
Percentile
43.3%
Jenkins Pipeline: Deprecated Groovy Libraries Plugin 552.vd9cc05b8a2e1 and earlier uses the same workspace directory for all checkouts of Pipeline libraries with the same name regardless of the SCM being used and the source of the library configuration.
This allows attackers with Item/Configure permission to execute arbitrary code in the context of the Jenkins controller JVM through crafted SCM contents, if a global Pipeline library already exists.
Pipeline: Deprecated Groovy Libraries Plugin 561.va_ce0de3c2d69 uses distinct checkout directories per SCM for Pipeline libraries.
Related
cnvd
cnvd
Jenkins Pipeline Shared Groovy Libraries Plugin Sandbox Bypass Vulnerability
2022-02-17 00:00:00
nvd
nvd
CVE-2022-25181
2022-02-15 17:15:09
veracode
veracode
Remote Code Execution (RCE)
2022-04-21 00:42:55
cve
cve
CVE-2022-25181
2022-02-15 17:15:09
redhatcve
redhatcve
CVE-2022-25181
2022-02-17 16:52:48
cvelist
cvelist
CVE-2022-25181
2022-02-15 16:11:03
github
github
alpinelinux
alpinelinux
CVE-2022-25181
2022-02-15 17:15:09
prion
prion
Security feature bypass
2022-02-15 17:15:00
nessus
nessus
RHEL 8 : OpenShift Container Platform 4.7.48 (RHSA-2022:1248)
2022-04-13 00:00:00
RHEL 8 : OpenShift Container Platform 4.10.6 (RHSA-2022:1025)
2022-03-29 00:00:00
RHEL 7 / 8 : OpenShift Container Platform 4.6.57 (RHSA-2022:1620)
2022-05-04 00:00:00
redhat
redhat