Lucene search
K

154 matches found

RedhatCVE
RedhatCVE
added 2022/04/13 9:54 a.m.64 views

CVE-2022-29047

A flaw was found in the Jenkins Pipeline: Shared Groovy Libraries plugin. The Jenkins Pipeline: Shared Groovy Libraries plugin allows attackers to submit pull requests. However, the attacker cannot commit directly to the configured Source Control Management SCM to effectively change the Pipeline...

7.3CVSS1.6AI score0.01116EPSS
Exploits0References4
OSV
OSV
added 2022/04/13 12:0 a.m.30 views

GHSA-HH6F-6FP5-GFPV Untrusted users can modify some Pipeline libraries in Jenkins Pipeline: Deprecated Groovy Libraries Plugin

Multibranch Pipelines by default limit who can change the Pipeline definition from the Jenkinsfile. This is useful for SCMs like GitHub: Jenkins can build content from users without commit access, but who can submit pull requests, without granting them the ability to modify the Pipeline definitio...

7.3CVSS5.8AI score0.01116EPSS
Exploits0References4
NVD
NVD
added 2022/04/12 8:15 p.m.20 views

CVE-2022-29047

Jenkins Pipeline: Shared Groovy Libraries Plugin 564.ve62a4ebbe039 and earlier, except 2.21.3, allows attackers able to submit pull requests or equivalent, but not able to commit directly to the configured SCM, to effectively change the Pipeline behavior by changing the definition of a dynamicall...

5.3CVSS0.01116EPSS
Exploits0References1
OSV
OSV
added 2022/04/12 8:15 p.m.3 views

CVE-2022-29047

Jenkins Pipeline: Shared Groovy Libraries Plugin 564.ve62a4ebbe039 and earlier, except 2.21.3, allows attackers able to submit pull requests or equivalent, but not able to commit directly to the configured SCM, to effectively change the Pipeline behavior by changing the definition of a dynamicall...

5.3CVSS6.1AI score0.01116EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2022/04/12 8:15 p.m.3 views

CVE-2022-29047

Jenkins Pipeline: Shared Groovy Libraries Plugin 564.ve62a4ebbe039 and earlier, except 2.21.3, allows attackers able to submit pull requests or equivalent, but not able to commit directly to the configured SCM, to effectively change the Pipeline behavior by changing the definition of a dynamicall...

5.3CVSS6.1AI score0.01116EPSS
Exploits0References2
Prion
Prion
added 2022/04/12 8:15 p.m.27 views

Design/Logic Flaw

Jenkins Pipeline: Shared Groovy Libraries Plugin 564.ve62a4ebbe039 and earlier, except 2.21.3, allows attackers able to submit pull requests or equivalent, but not able to commit directly to the configured SCM, to effectively change the Pipeline behavior by changing the definition of a dynamicall...

5CVSS5.3AI score0.01116EPSS
Exploits0References1
Cvelist
Cvelist
added 2022/04/12 7:50 p.m.31 views

CVE-2022-29047

Jenkins Pipeline: Shared Groovy Libraries Plugin 564.ve62a4ebbe039 and earlier, except 2.21.3, allows attackers able to submit pull requests or equivalent, but not able to commit directly to the configured SCM, to effectively change the Pipeline behavior by changing the definition of a dynamicall...

5.8AI score0.01116EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2022/04/12 7:50 p.m.16 views

CVE-2022-29047

Jenkins Pipeline: Shared Groovy Libraries Plugin 564.ve62a4ebbe039 and earlier, except 2.21.3, allows attackers able to submit pull requests or equivalent, but not able to commit directly to the configured SCM, to effectively change the Pipeline behavior by changing the definition of a dynamicall...

6.5AI score0.01116EPSS
Exploits0References1
CVE
CVE
added 2022/04/12 7:50 p.m.195 views

CVE-2022-29047

CVE-2022-29047 affects Jenkins Pipeline: Shared Groovy Libraries Plugin (versions 564.ve62a_4eb_b_e039 and earlier, except 2.21.3). The vulnerability allows attackers who can submit pull requests (but cannot commit to SCM) to change the definition of a dynamically retrieved library, effectively a...

5.3CVSS5.3AI score0.01116EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2022/04/12 12:0 a.m.3 views

Jenkins Pipeline访问控制错误漏洞

Jenkins is a Jenkins open source application. An open source automation server Jenkins provides hundreds of plugins to support building, deploying and automating any project.Jenkins Pipeline is a suite of plugins that support the implementation and integration of continuous delivery pipelines int...

5.3CVSS5.8AI score0.01116EPSS
Exploits0References12
Positive Technologies
Positive Technologies
added 2022/04/12 12:0 a.m.5 views

PT-2022-19387 · Jenkins · Jenkins Pipeline: Shared Groovy Libraries Plugin +2

Name of the Vulnerable Software and Affected Versions: Jenkins Pipeline: Shared Groovy Libraries Plugin versions 564.ve62a 4eb b e039 and earlier, except version 2.21.3 Description: The issue allows attackers who can submit pull requests, but not commit directly to the configured SCM, to change t...

7.3CVSS5.3AI score0.01116EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2022/03/29 7:5 a.m.5 views

workflow-cps-global-lib: Sandbox bypass vulnerability

A flaw was found in Jenkins. The Pipeline: Shared Groovy Libraries plugin uses the names of Pipeline libraries to create cache directories without any sanitization. This flaw allows attackers with item/configure permission to execute arbitrary code in the context of the Jenkins controller JVM,...

8.8CVSS6.1AI score0.01571EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2022/03/29 7:5 a.m.4 views

workflow-cps-global-lib: Sandbox bypass vulnerability

A flaw was found in Jenkins. The Pipeline: Shared Groovy Libraries Plugin uses the same workspace directory for all checkouts of Pipeline libraries with the same name, regardless of the SCM used and the source of the library configuration. This flaw allows attackers with item/configure permission...

8.8CVSS6.1AI score0.01601EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2022/03/28 11:56 a.m.11 views

workflow-cps-global-lib: Sandbox bypass vulnerability

A flaw was found in Jenkins. The Pipeline: Shared Groovy Libraries Plugin uses the names of Pipeline libraries to create directories without canonicalization or sanitization. This flaw allows attackers with item/configure permission to execute arbitrary code in the context of the Jenkins...

8.8CVSS6.1AI score0.01601EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2022/03/28 11:56 a.m.8 views

workflow-cps-global-lib: Sandbox bypass vulnerability

A flaw was found in Jenkins. The Pipeline: Shared Groovy Libraries plugin uses the names of Pipeline libraries to create cache directories without any sanitization. This flaw allows attackers with item/configure permission to execute arbitrary code in the context of the Jenkins controller JVM,...

8.8CVSS6.1AI score0.01571EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2022/03/28 11:56 a.m.6 views

workflow-cps-global-lib: Pipeline-related plugins follow symbolic links or do not limit path names

A flaw was found in Jenkins. The Pipeline: Shared Groovy Libraries follows symbolic links to locations outside of the expected Pipeline library when reading files using the libraryResource step. This flaw allows attackers who can configure Pipelines to read arbitrary files on the Jenkins controll...

6.5CVSS5.8AI score0.01742EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2022/03/28 11:56 a.m.9 views

workflow-cps-global-lib: Sandbox bypass vulnerability

A flaw was found in Jenkins. The Pipeline: Shared Groovy Libraries Plugin uses the same workspace directory for all checkouts of Pipeline libraries with the same name, regardless of the SCM used and the source of the library configuration. This flaw allows attackers with item/configure permission...

8.8CVSS6.1AI score0.01601EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2022/03/22 5:31 p.m.3 views

workflow-cps-global-lib: Pipeline-related plugins follow symbolic links or do not limit path names

A flaw was found in Jenkins. The Pipeline: Shared Groovy Libraries does not restrict the names of resources passed to the libraryResource step. This flaw allows attackers who can configure Pipelines to read arbitrary files on the Jenkins controller file system...

6.5CVSS5.8AI score0.01668EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2022/03/22 5:31 p.m.3 views

workflow-cps-global-lib: Sandbox bypass vulnerability

A flaw was found in Jenkins. The Pipeline: Shared Groovy Libraries Plugin uses the names of Pipeline libraries to create directories without canonicalization or sanitization. This flaw allows attackers with item/configure permission to execute arbitrary code in the context of the Jenkins...

8.8CVSS6.1AI score0.01601EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2022/03/22 5:31 p.m.3 views

workflow-cps-global-lib: Sandbox bypass vulnerability

A flaw was found in Jenkins. The Pipeline: Shared Groovy Libraries Plugin uses the same workspace directory for all checkouts of Pipeline libraries with the same name, regardless of the SCM used and the source of the library configuration. This flaw allows attackers with item/configure permission...

8.8CVSS6.1AI score0.01601EPSS
Exploits0References4
Rows per page
Query Builder