Lucene search
+L

182 matches found

Github Security Blog
Github Security Blog
added 2022/02/16 12:1 a.m.18 views

Jenkins Pipeline: Groovy Plugin has Insufficiently Protected Credentials

Jenkins Pipeline: Groovy Plugin 2648.va9433432b33c and earlier includes password parameters from the original build in replayed builds. This allows attackers with Run/Replay permission to obtain the values of password parameters passed to previous builds of a Pipeline. Pipeline: Groovy Plugin...

4.3CVSS6.2AI score0.00528EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2022/02/15 5:15 p.m.14 views

CVE-2022-25173

Jenkins Pipeline: Groovy Plugin 2648.va9433432b33c and earlier uses the same checkout directories for distinct SCMs when reading the script file typically Jenkinsfile for Pipelines, allowing attackers with Item/Configure permission to invoke arbitrary OS commands on the controller through crafted...

8.8CVSS0.01444EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2022/02/15 5:15 p.m.7 views

CVE-2022-25173

Jenkins Pipeline: Groovy Plugin 2648.va9433432b33c and earlier uses the same checkout directories for distinct SCMs when reading the script file typically Jenkinsfile for Pipelines, allowing attackers with Item/Configure permission to invoke arbitrary OS commands on the controller through crafted...

8.8CVSS7.4AI score0.01444EPSS
Exploits0References3
NVD
NVD
added 2022/02/15 5:15 p.m.21 views

CVE-2022-25176

Jenkins Pipeline: Groovy Plugin 2648.va9433432b33c and earlier follows symbolic links to locations outside of the checkout directory for the configured SCM when reading the script file typically Jenkinsfile for Pipelines, allowing attackers able to configure Pipelines to read arbitrary files on t...

6.5CVSS0.01742EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2022/02/15 5:15 p.m.7 views

CVE-2022-25176

Jenkins Pipeline: Groovy Plugin 2648.va9433432b33c and earlier follows symbolic links to locations outside of the checkout directory for the configured SCM when reading the script file typically Jenkinsfile for Pipelines, allowing attackers able to configure Pipelines to read arbitrary files on t...

6.5CVSS6.7AI score0.01742EPSS
Exploits0References3
OSV
OSV
added 2022/02/15 5:15 p.m.4 views

CVE-2022-25173

Jenkins Pipeline: Groovy Plugin 2648.va9433432b33c and earlier uses the same checkout directories for distinct SCMs when reading the script file typically Jenkinsfile for Pipelines, allowing attackers with Item/Configure permission to invoke arbitrary OS commands on the controller through crafted...

8.8CVSS8.1AI score
Exploits0References2
NVD
NVD
added 2022/02/15 5:15 p.m.14 views

CVE-2022-25180

Jenkins Pipeline: Groovy Plugin 2648.va9433432b33c and earlier includes password parameters from the original build in replayed builds, allowing attackers with Run/Replay permission to obtain the values of password parameters passed to previous builds of a Pipeline...

4.3CVSS0.00528EPSS
Exploits0References1
OSV
OSV
added 2022/02/15 5:15 p.m.5 views

CVE-2022-25180

Jenkins Pipeline: Groovy Plugin 2648.va9433432b33c and earlier includes password parameters from the original build in replayed builds, allowing attackers with Run/Replay permission to obtain the values of password parameters passed to previous builds of a Pipeline...

4.3CVSS5.4AI score
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2022/02/15 5:15 p.m.6 views

CVE-2022-25180

Jenkins Pipeline: Groovy Plugin 2648.va9433432b33c and earlier includes password parameters from the original build in replayed builds, allowing attackers with Run/Replay permission to obtain the values of password parameters passed to previous builds of a Pipeline...

4.3CVSS5.8AI score0.00528EPSS
Exploits0References2
OSV
OSV
added 2022/02/15 5:15 p.m.5 views

CVE-2022-25176

Jenkins Pipeline: Groovy Plugin 2648.va9433432b33c and earlier follows symbolic links to locations outside of the checkout directory for the configured SCM when reading the script file typically Jenkinsfile for Pipelines, allowing attackers able to configure Pipelines to read arbitrary files on t...

6.5CVSS5.6AI score
Exploits0References1
Prion
Prion
added 2022/02/15 5:15 p.m.25 views

Design/Logic Flaw

Jenkins Pipeline: Groovy Plugin 2648.va9433432b33c and earlier follows symbolic links to locations outside of the checkout directory for the configured SCM when reading the script file typically Jenkinsfile for Pipelines, allowing attackers able to configure Pipelines to read arbitrary files on t...

4CVSS7.2AI score0.01742EPSS
Exploits0References1
Cvelist
Cvelist
added 2022/02/15 4:11 p.m.19 views

CVE-2022-25180

Jenkins Pipeline: Groovy Plugin 2648.va9433432b33c and earlier includes password parameters from the original build in replayed builds, allowing attackers with Run/Replay permission to obtain the values of password parameters passed to previous builds of a Pipeline...

6.4AI score0.00528EPSS
Exploits0References1
CVE
CVE
added 2022/02/15 4:11 p.m.206 views

CVE-2022-25180

CVE-2022-25180 affects Jenkins Pipeline: Groovy Plugin. Vulnerable until versions 2648.va9433432b33c and earlier, where password parameters from the original build are included in replayed builds. This allows attackers with Run/Replay permission to obtain values of password parameters from previo...

4.3CVSS4.6AI score0.00528EPSS
Exploits0References1Affected Software1
AlpineLinux
AlpineLinux
added 2022/02/15 4:11 p.m.43 views

CVE-2022-25180

Jenkins Pipeline: Groovy Plugin 2648.va9433432b33c and earlier includes password parameters from the original build in replayed builds, allowing attackers with Run/Replay permission to obtain the values of password parameters passed to previous builds of a Pipeline...

4.3CVSS4.2AI score0.00528EPSS
Exploits0References1
CVE
CVE
added 2022/02/15 4:10 p.m.205 views

CVE-2022-25176

CVE-2022-25176 is an in-scope vulnerability affecting Jenkins Pipeline-related plugins (notably Pipeline: Groovy Plugin and related modules) where reading the script file (Jenkinsfile) can follow symbolic links outside the configured SCM checkout, enabling an attacker with Pipeline configuration ...

6.5CVSS6.5AI score0.01742EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2022/02/15 4:10 p.m.21 views

CVE-2022-25176

Jenkins Pipeline: Groovy Plugin 2648.va9433432b33c and earlier follows symbolic links to locations outside of the checkout directory for the configured SCM when reading the script file typically Jenkinsfile for Pipelines, allowing attackers able to configure Pipelines to read arbitrary files on t...

7AI score0.01742EPSS
Exploits0References1
AlpineLinux
AlpineLinux
added 2022/02/15 4:10 p.m.71 views

CVE-2022-25176

Jenkins Pipeline: Groovy Plugin 2648.va9433432b33c and earlier follows symbolic links to locations outside of the checkout directory for the configured SCM when reading the script file typically Jenkinsfile for Pipelines, allowing attackers able to configure Pipelines to read arbitrary files on t...

6.5CVSS3.5AI score0.01742EPSS
Exploits0References2
Cvelist
Cvelist
added 2022/02/15 4:10 p.m.19 views

CVE-2022-25173

Jenkins Pipeline: Groovy Plugin 2648.va9433432b33c and earlier uses the same checkout directories for distinct SCMs when reading the script file typically Jenkinsfile for Pipelines, allowing attackers with Item/Configure permission to invoke arbitrary OS commands on the controller through crafted...

8.9AI score0.01444EPSS
Exploits0References2
CVE
CVE
added 2022/02/15 4:10 p.m.236 views

CVE-2022-25173

CVE-2022-25173 affects Jenkins’ Pipeline components, notably the Pipeline: Groovy Plugin and related plugins, where multiple SCM checkouts reuse the same workspace/directory when reading a script file (Jenkinsfile). This can enable attackers with Item/Configure permission to trigger arbitrary OS ...

8.8CVSS8.5AI score0.01444EPSS
Exploits0References2Affected Software1
AlpineLinux
AlpineLinux
added 2022/02/15 4:10 p.m.52 views

CVE-2022-25173

Jenkins Pipeline: Groovy Plugin 2648.va9433432b33c and earlier uses the same checkout directories for distinct SCMs when reading the script file typically Jenkinsfile for Pipelines, allowing attackers with Item/Configure permission to invoke arbitrary OS commands on the controller through crafted...

8.8CVSS4.1AI score0.01444EPSS
Exploits0References2
Rows per page
Query Builder