Lucene search
Redhat.comRH:CVE-2022-25181HistoryFeb 17, 2022 - 4:52 p.m.
CVE-2022-25181
2022-02-1716:52:48
redhat.com
access.redhat.com
22
0.001 Low
EPSS
Percentile
42.9%
A flaw was found in Jenkins. The Pipeline: Shared Groovy Libraries Plugin uses the same workspace directory for all checkouts of Pipeline libraries with the same name, regardless of the SCM used and the source of the library configuration. This flaw allows attackers with item/configure permission to execute arbitrary code in the context of the Jenkins controller, JVM, through crafted SCM contents if a global Pipeline library already exists.
Related
cnvd
cnvd
Jenkins Pipeline Shared Groovy Libraries Plugin Sandbox Bypass Vulnerability
2022-02-17 00:00:00
osv
osv
veracode
veracode
Remote Code Execution (RCE)
2022-04-21 00:42:55
cve
cve
CVE-2022-25181
2022-02-15 17:15:00
prion
prion
Security feature bypass
2022-02-15 17:15:00
cvelist
cvelist
CVE-2022-25181
2022-02-15 16:11:03
github
github
alpinelinux
alpinelinux
CVE-2022-25181
2022-02-15 17:15:00
redhat
redhat
nessus
nessus
RHEL 8 : OpenShift Container Platform 4.7.48 (RHSA-2022:1248)
2022-04-13 00:00:00
RHEL 8 : OpenShift Container Platform 4.10.6 (RHSA-2022:1025)
2022-03-29 00:00:00
RHEL 7 / 8 : OpenShift Container Platform 4.6.57 (RHSA-2022:1620)
2022-05-04 00:00:00