Lucene search
K

180 matches found

RedHat Linux
RedHat Linux
added 2022/04/13 1:49 p.m.6 views

workflow-cps: Pipeline-related plugins follow symbolic links or do not limit path names

A flaw was found in Jenkins. The Pipeline: Groovy Plugin follows symbolic links to locations outside of the checkout directory for the configured SCM when reading the script file typically Jenkinsfile for Pipelines. This flaw allows attackers who can configure Pipelines to read arbitrary files on...

6.5CVSS5.8AI score0.01742EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2022/03/29 7:5 a.m.5 views

workflow-cps: OS command execution through crafted SCM contents

A flaw was found in Jenkins. The Pipeline: Groovy Plugin uses the same checkout directories for distinct SCMs when reading the script file typically Jenkinsfile for Pipelines. This flaw allows attackers with item/configure permission to invoke arbitrary OS commands on the controller through craft...

8.8CVSS5.9AI score0.01444EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2022/03/29 7:5 a.m.7 views

workflow-cps: Password parameters are included from the original build in replayed builds

A flaw was found in Jenkins. The Pipeline: Groovy Plugin includes password parameters from the original build in replayed builds. This flaw allows attackers with run/replay permission to obtain the values of password parameters passed to previous builds of a Pipeline...

4.3CVSS5.7AI score0.00528EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2022/03/29 7:5 a.m.5 views

workflow-cps: Pipeline-related plugins follow symbolic links or do not limit path names

A flaw was found in Jenkins. The Pipeline: Groovy Plugin follows symbolic links to locations outside of the checkout directory for the configured SCM when reading the script file typically Jenkinsfile for Pipelines. This flaw allows attackers who can configure Pipelines to read arbitrary files on...

6.5CVSS5.8AI score0.01742EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2022/03/28 11:56 a.m.8 views

workflow-cps: Password parameters are included from the original build in replayed builds

A flaw was found in Jenkins. The Pipeline: Groovy Plugin includes password parameters from the original build in replayed builds. This flaw allows attackers with run/replay permission to obtain the values of password parameters passed to previous builds of a Pipeline...

4.3CVSS5.7AI score0.00528EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2022/03/28 11:56 a.m.9 views

workflow-cps: Pipeline-related plugins follow symbolic links or do not limit path names

A flaw was found in Jenkins. The Pipeline: Groovy Plugin follows symbolic links to locations outside of the checkout directory for the configured SCM when reading the script file typically Jenkinsfile for Pipelines. This flaw allows attackers who can configure Pipelines to read arbitrary files on...

6.5CVSS5.8AI score0.01742EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2022/03/28 11:56 a.m.10 views

workflow-cps: OS command execution through crafted SCM contents

A flaw was found in Jenkins. The Pipeline: Groovy Plugin uses the same checkout directories for distinct SCMs when reading the script file typically Jenkinsfile for Pipelines. This flaw allows attackers with item/configure permission to invoke arbitrary OS commands on the controller through craft...

8.8CVSS5.9AI score0.01444EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2022/03/22 5:31 p.m.5 views

workflow-cps: OS command execution through crafted SCM contents

A flaw was found in Jenkins. The Pipeline: Groovy Plugin uses the same checkout directories for distinct SCMs when reading the script file typically Jenkinsfile for Pipelines. This flaw allows attackers with item/configure permission to invoke arbitrary OS commands on the controller through craft...

8.8CVSS5.9AI score0.01444EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2022/03/22 5:31 p.m.5 views

workflow-cps: Password parameters are included from the original build in replayed builds

A flaw was found in Jenkins. The Pipeline: Groovy Plugin includes password parameters from the original build in replayed builds. This flaw allows attackers with run/replay permission to obtain the values of password parameters passed to previous builds of a Pipeline...

4.3CVSS5.7AI score0.00528EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2022/02/17 4:52 p.m.61 views

CVE-2022-25180

A flaw was found in Jenkins. The Pipeline: Groovy Plugin includes password parameters from the original build in replayed builds. This flaw allows attackers with run/replay permission to obtain the values of password parameters passed to previous builds of a Pipeline...

4.3CVSS4.2AI score0.00528EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2022/02/17 4:38 p.m.56 views

CVE-2022-25176

A flaw was found in Jenkins. The Pipeline: Groovy Plugin follows symbolic links to locations outside of the checkout directory for the configured SCM when reading the script file typically Jenkinsfile for Pipelines. This flaw allows attackers who can configure Pipelines to read arbitrary files on...

6.5CVSS3.2AI score0.01742EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2022/02/17 3:47 p.m.91 views

CVE-2022-25173

A flaw was found in Jenkins. The Pipeline: Groovy Plugin uses the same checkout directories for distinct SCMs when reading the script file typically Jenkinsfile for Pipelines. This flaw allows attackers with item/configure permission to invoke arbitrary OS commands on the controller through craft...

8.8CVSS3.8AI score0.01444EPSS
Exploits0References3
CNVD
CNVD
added 2022/02/17 12:0 a.m.19 views

Jenkins Pipeline Groovy Plugin信息泄露漏洞

Jenkins is a Jenkins open source application. An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Pipeline Groovy Plugin 2648.va9433432b33c and earlier versions are vulnerable to an information disclosure...

4.3CVSS1.1AI score0.00528EPSS
Exploits0References1
OSV
OSV
added 2022/02/16 12:1 a.m.19 views

GHSA-4M7P-55JM-3VWV Improper Neutralization of Special Elements used in an OS Command in Jenkins Pipeline: Groovy Plugin

Jenkins Pipeline: Groovy Plugin prior to 2656.vf7ae7b75a457, 2.94.1, and 2.92.1 uses the same checkout directories for distinct SCMs when reading the script file typically Jenkinsfile for Pipelines, allowing attackers with Item/Configure permission to invoke arbitrary OS commands on the controlle...

8.8CVSS8.6AI score0.01444EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2022/02/16 12:1 a.m.42 views

Improper Neutralization of Special Elements used in an OS Command in Jenkins Pipeline: Groovy Plugin

Jenkins Pipeline: Groovy Plugin prior to 2656.vf7ae7b75a457, 2.94.1, and 2.92.1 uses the same checkout directories for distinct SCMs when reading the script file typically Jenkinsfile for Pipelines, allowing attackers with Item/Configure permission to invoke arbitrary OS commands on the controlle...

8.8CVSS8.4AI score0.01444EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2022/02/16 12:1 a.m.31 views

Improper Link Resolution Before File Access in Jenkins Pipeline: Groovy Plugin

Jenkins Pipeline: Groovy Plugin 2648.va9433432b33c and earlier follows symbolic links to locations outside of the checkout directory for the configured SCM when reading the script file typically Jenkinsfile for Pipelines, allowing attackers able to configure Pipelines to read arbitrary files on t...

6.5CVSS2AI score0.01742EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2022/02/16 12:1 a.m.21 views

GHSA-6473-GQRJ-4P65 Improper Link Resolution Before File Access in Jenkins Pipeline: Groovy Plugin

Jenkins Pipeline: Groovy Plugin 2648.va9433432b33c and earlier follows symbolic links to locations outside of the checkout directory for the configured SCM when reading the script file typically Jenkinsfile for Pipelines, allowing attackers able to configure Pipelines to read arbitrary files on t...

6.5CVSS7.2AI score0.01742EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2022/02/16 12:1 a.m.16 views

Jenkins Pipeline: Groovy Plugin has Insufficiently Protected Credentials

Jenkins Pipeline: Groovy Plugin 2648.va9433432b33c and earlier includes password parameters from the original build in replayed builds. This allows attackers with Run/Replay permission to obtain the values of password parameters passed to previous builds of a Pipeline. Pipeline: Groovy Plugin...

4.3CVSS6.2AI score0.00528EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2022/02/16 12:1 a.m.16 views

GHSA-QV6Q-X9VR-W7J3 Jenkins Pipeline: Groovy Plugin has Insufficiently Protected Credentials

Jenkins Pipeline: Groovy Plugin 2648.va9433432b33c and earlier includes password parameters from the original build in replayed builds. This allows attackers with Run/Replay permission to obtain the values of password parameters passed to previous builds of a Pipeline. Pipeline: Groovy Plugin...

4.3CVSS5.9AI score0.00528EPSS
Exploits0References3
OSV
OSV
added 2022/02/15 5:15 p.m.5 views

CVE-2022-25180

Jenkins Pipeline: Groovy Plugin 2648.va9433432b33c and earlier includes password parameters from the original build in replayed builds, allowing attackers with Run/Replay permission to obtain the values of password parameters passed to previous builds of a Pipeline...

4.3CVSS5.4AI score
Exploits0References1
Rows per page
Query Builder