Jenkins Pipeline: Groovy Plugin 2648.va9433432b33c and earlier uses the same checkout directories for distinct SCMs when reading the script file (typically Jenkinsfile) for Pipelines, allowing attackers with Item/Configure permission to invoke arbitrary OS commands on the controller through crafted SCM contents
Title | Published | Views | Family |
---|---|---|---|
Improper Neutralization of Special Elements used in an OS Command in Jenkins Pipeline: Groovy Plugin | 16 Feb 2022 00:01 | – | github |
Design/Logic Flaw | 15 Feb 2022 17:15 | – | prion |
OS Command Injection | 21 Apr 2022 00:42 | – | veracode |
CVE-2022-25173 | 15 Feb 2022 16:10 | – | cvelist |
Improper Neutralization of Special Elements used in an OS Command in Jenkins Pipeline: Groovy Plugin | 16 Feb 2022 00:01 | – | osv |
Red Hat Security Advisory: OpenShift Container Platform 4.7.48 packages and security update | 16 Sep 2024 07:40 | – | osv |
Red Hat Security Advisory: OpenShift Container Platform 4.10.6 security update | 16 Sep 2024 07:40 | – | osv |
Red Hat Security Advisory: OpenShift Container Platform 3.11.685 security and bug fix update | 16 Sep 2024 07:54 | – | osv |
Red Hat Security Advisory: OpenShift Container Platform 4.6.57 packages and security update | 16 Sep 2024 07:45 | – | osv |
Red Hat Security Advisory: OpenShift Container Platform 4.9.26 security update | 16 Sep 2024 07:44 | – | osv |
```json
[
  {
    "product": "Jenkins Pipeline: Groovy Plugin",
    "vendor": "Jenkins project",
    "versions": [
      {
        "lessThanOrEqual": "2648.va9433432b33c",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      },
      {
        "status": "unaffected",
        "version": "2.94.1"
      },
      {
        "status": "unaffected",
        "version": "2.92.1"
      }
    ]
  }
]
```
Source | Link |
---|---|
jenkins | www.jenkins.io/security/advisory/2022-02-15/ |
openwall | www.openwall.com/lists/oss-security/2022/02/15/2 |