154 matches found
CVE-2022-29047
A flaw was found in the Jenkins Pipeline: Shared Groovy Libraries plugin. The Jenkins Pipeline: Shared Groovy Libraries plugin allows attackers to submit pull requests. However, the attacker cannot commit directly to the configured Source Control Management SCM to effectively change the Pipeline...
GHSA-HH6F-6FP5-GFPV Untrusted users can modify some Pipeline libraries in Jenkins Pipeline: Deprecated Groovy Libraries Plugin
Multibranch Pipelines by default limit who can change the Pipeline definition from the Jenkinsfile. This is useful for SCMs like GitHub: Jenkins can build content from users without commit access, but who can submit pull requests, without granting them the ability to modify the Pipeline definitio...
CVE-2022-29047
Jenkins Pipeline: Shared Groovy Libraries Plugin 564.ve62a4ebbe039 and earlier, except 2.21.3, allows attackers able to submit pull requests or equivalent, but not able to commit directly to the configured SCM, to effectively change the Pipeline behavior by changing the definition of a dynamicall...
CVE-2022-29047
Jenkins Pipeline: Shared Groovy Libraries Plugin 564.ve62a4ebbe039 and earlier, except 2.21.3, allows attackers able to submit pull requests or equivalent, but not able to commit directly to the configured SCM, to effectively change the Pipeline behavior by changing the definition of a dynamicall...
CVE-2022-29047
Jenkins Pipeline: Shared Groovy Libraries Plugin 564.ve62a4ebbe039 and earlier, except 2.21.3, allows attackers able to submit pull requests or equivalent, but not able to commit directly to the configured SCM, to effectively change the Pipeline behavior by changing the definition of a dynamicall...
Design/Logic Flaw
Jenkins Pipeline: Shared Groovy Libraries Plugin 564.ve62a4ebbe039 and earlier, except 2.21.3, allows attackers able to submit pull requests or equivalent, but not able to commit directly to the configured SCM, to effectively change the Pipeline behavior by changing the definition of a dynamicall...
CVE-2022-29047
Jenkins Pipeline: Shared Groovy Libraries Plugin 564.ve62a4ebbe039 and earlier, except 2.21.3, allows attackers able to submit pull requests or equivalent, but not able to commit directly to the configured SCM, to effectively change the Pipeline behavior by changing the definition of a dynamicall...
CVE-2022-29047
Jenkins Pipeline: Shared Groovy Libraries Plugin 564.ve62a4ebbe039 and earlier, except 2.21.3, allows attackers able to submit pull requests or equivalent, but not able to commit directly to the configured SCM, to effectively change the Pipeline behavior by changing the definition of a dynamicall...
CVE-2022-29047
CVE-2022-29047 affects Jenkins Pipeline: Shared Groovy Libraries Plugin (versions 564.ve62a_4eb_b_e039 and earlier, except 2.21.3). The vulnerability allows attackers who can submit pull requests (but cannot commit to SCM) to change the definition of a dynamically retrieved library, effectively a...
Jenkins Pipeline访问控制错误漏洞
Jenkins is a Jenkins open source application. An open source automation server Jenkins provides hundreds of plugins to support building, deploying and automating any project.Jenkins Pipeline is a suite of plugins that support the implementation and integration of continuous delivery pipelines int...
PT-2022-19387 · Jenkins · Jenkins Pipeline: Shared Groovy Libraries Plugin +2
Name of the Vulnerable Software and Affected Versions: Jenkins Pipeline: Shared Groovy Libraries Plugin versions 564.ve62a 4eb b e039 and earlier, except version 2.21.3 Description: The issue allows attackers who can submit pull requests, but not commit directly to the configured SCM, to change t...
workflow-cps-global-lib: Sandbox bypass vulnerability
A flaw was found in Jenkins. The Pipeline: Shared Groovy Libraries plugin uses the names of Pipeline libraries to create cache directories without any sanitization. This flaw allows attackers with item/configure permission to execute arbitrary code in the context of the Jenkins controller JVM,...
workflow-cps-global-lib: Sandbox bypass vulnerability
A flaw was found in Jenkins. The Pipeline: Shared Groovy Libraries Plugin uses the same workspace directory for all checkouts of Pipeline libraries with the same name, regardless of the SCM used and the source of the library configuration. This flaw allows attackers with item/configure permission...
workflow-cps-global-lib: Sandbox bypass vulnerability
A flaw was found in Jenkins. The Pipeline: Shared Groovy Libraries Plugin uses the names of Pipeline libraries to create directories without canonicalization or sanitization. This flaw allows attackers with item/configure permission to execute arbitrary code in the context of the Jenkins...
workflow-cps-global-lib: Sandbox bypass vulnerability
A flaw was found in Jenkins. The Pipeline: Shared Groovy Libraries plugin uses the names of Pipeline libraries to create cache directories without any sanitization. This flaw allows attackers with item/configure permission to execute arbitrary code in the context of the Jenkins controller JVM,...
workflow-cps-global-lib: Pipeline-related plugins follow symbolic links or do not limit path names
A flaw was found in Jenkins. The Pipeline: Shared Groovy Libraries follows symbolic links to locations outside of the expected Pipeline library when reading files using the libraryResource step. This flaw allows attackers who can configure Pipelines to read arbitrary files on the Jenkins controll...
workflow-cps-global-lib: Sandbox bypass vulnerability
A flaw was found in Jenkins. The Pipeline: Shared Groovy Libraries Plugin uses the same workspace directory for all checkouts of Pipeline libraries with the same name, regardless of the SCM used and the source of the library configuration. This flaw allows attackers with item/configure permission...
workflow-cps-global-lib: Pipeline-related plugins follow symbolic links or do not limit path names
A flaw was found in Jenkins. The Pipeline: Shared Groovy Libraries does not restrict the names of resources passed to the libraryResource step. This flaw allows attackers who can configure Pipelines to read arbitrary files on the Jenkins controller file system...
workflow-cps-global-lib: Sandbox bypass vulnerability
A flaw was found in Jenkins. The Pipeline: Shared Groovy Libraries Plugin uses the names of Pipeline libraries to create directories without canonicalization or sanitization. This flaw allows attackers with item/configure permission to execute arbitrary code in the context of the Jenkins...
workflow-cps-global-lib: Sandbox bypass vulnerability
A flaw was found in Jenkins. The Pipeline: Shared Groovy Libraries Plugin uses the same workspace directory for all checkouts of Pipeline libraries with the same name, regardless of the SCM used and the source of the library configuration. This flaw allows attackers with item/configure permission...