Veracode Vulnerability Database: VERACODE:35173
Apr 21, 2022 - 12:42 a.m.

OS Command Injection

sca.analysiscenter.veracode.com

EPSS: 0.001
Percentile: 45.9%

Jenkins Pipeline is vulnerable to OS command injection. The Jenkins Pipeline: Shared Groovy Libraries plugin uses the same checkout directories for distinct SCMs for Pipeline libraries. This flaw allows attackers with Item/Configure permission to invoke arbitrary OS commands on the controller through crafted SCM contents, compromising confidentiality, integrity, and availability.
