Lucene search

K

CVE-2022-25173

🗓️ 15 Feb 2022 17:08:15Reported by jenkinsType 
cve
 cve
🔗 web.nvd.nist.gov👁 198 Views

Jenkins Pipeline: Groovy Plugin 2648.va9433432b33c and earlier uses the same checkout directories for distinct SCMs when reading the script file (typically Jenkinsfile) for Pipelines, allowing attackers with Item/Configure permission to invoke arbitrary OS commands on the controller through crafted SCM contents

Show more
Related
Detection
Affected
Refs
Nvd
Node
jenkinspipeline\Match_groovyjenkins
[
  {
    "product": "Jenkins Pipeline: Groovy Plugin",
    "vendor": "Jenkins project",
    "versions": [
      {
        "lessThanOrEqual": "2648.va9433432b33c",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      },
      {
        "status": "unaffected",
        "version": "2.94.1"
      },
      {
        "status": "unaffected",
        "version": "2.92.1"
      }
    ]
  }
]

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo
15 Feb 2022 17:15Current
8.5High risk
Vulners AI Score8.5
CVSS26.5
CVSS38.8
EPSS0.004
198
.json
Report