Lucene search
JenkinsCVELIST:CVE-2022-25178HistoryFeb 15, 2022 - 4:10 p.m.
CVE-2022-25178
2022-02-1516:10:58
jenkins
www.cve.org
Jenkins Pipeline: Shared Groovy Libraries Plugin 552.vd9cc05b8a2e1 and earlier does not restrict the names of resources passed to the libraryResource step, allowing attackers able to configure Pipelines permission to read arbitrary files on the Jenkins controller file system.
CNA Affected
[
{
"product": "Jenkins Pipeline: Shared Groovy Libraries Plugin",
"vendor": "Jenkins project",
"versions": [
{
"lessThanOrEqual": "552.vd9cc05b8a2e1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "2.21.1"
},
{
"status": "unaffected",
"version": "2.18.1"
}
]
}
]Related
veracode
veracode
Privilege Escalation
2022-04-21 00:42:47
nvd
nvd
CVE-2022-25178
2022-02-15 17:15:08
cve
cve
CVE-2022-25178
2022-02-15 17:15:08
alpinelinux
alpinelinux
CVE-2022-25178
2022-02-15 17:15:08
github
github
osv
osv
redhatcve
redhatcve
CVE-2022-25178
2022-02-17 16:52:36
prion
prion
Design/Logic Flaw
2022-02-15 17:15:00
nessus
nessus
RHEL 8 : OpenShift Container Platform 4.10.6 (RHSA-2022:1025)
2022-03-29 00:00:00
RHEL 8 : OpenShift Container Platform 4.7.48 (RHSA-2022:1248)
2022-04-13 00:00:00
RHEL 7 / 8 : OpenShift Container Platform 4.6.57 (RHSA-2022:1620)
2022-05-04 00:00:00
redhat
redhat