154 matches found
CVE-2022-25182
A sandbox bypass vulnerability in Jenkins Pipeline: Shared Groovy Libraries Plugin 552.vd9cc05b8a2e1 and earlier allows attackers with Item/Configure permission to execute arbitrary code on the Jenkins controller JVM using specially crafted library names if a global Pipeline library is already...
CVE-2022-25182
Affected product: Jenkins, specifically Pipeline: Shared Groovy Libraries Plugin. Root cause: earlier versions (552.vd9cc05b8a2e1 and earlier) create directories and library handling based on library names without proper canonicalization, enabling sandbox bypass and arbitrary code execution on th...
CVE-2022-25181
The CVE-2022-25181 issue is a sandbox bypass in Jenkins Pipeline: Shared Groovy Libraries Plugin (552.vd9cc05b8a2e1 and earlier). An attacker with Item/Configure permission can execute arbitrary code in the Jenkins controller JVM through crafted SCM contents if a global Pipeline library exists. T...
CVE-2022-25181
A sandbox bypass vulnerability in Jenkins Pipeline: Shared Groovy Libraries Plugin 552.vd9cc05b8a2e1 and earlier allows attackers with Item/Configure permission to execute arbitrary code in the context of the Jenkins controller JVM through crafted SCM contents, if a global Pipeline library alread...
CVE-2022-25178
Jenkins Pipeline: Shared Groovy Libraries Plugin 552.vd9cc05b8a2e1 and earlier does not restrict the names of resources passed to the libraryResource step, allowing attackers able to configure Pipelines permission to read arbitrary files on the Jenkins controller file system...
CVE-2022-25178
CVE-2022-25178 affects Jenkins Pipeline: Shared Groovy Libraries Plugin (552.vd9cc05b8a2e1 and earlier). The vulnerability arises because the plugin does not restrict the names of resources passed to the libraryResource step, enabling attackers with Pipeline configuration permissions to read arbi...
CVE-2022-25178
Jenkins Pipeline: Shared Groovy Libraries Plugin 552.vd9cc05b8a2e1 and earlier does not restrict the names of resources passed to the libraryResource step, allowing attackers able to configure Pipelines permission to read arbitrary files on the Jenkins controller file system...
CVE-2022-25177
CVE-2022-25177 affects Jenkins Pipeline: Shared Groovy Libraries Plugin (552.vd9cc05b8a2e1 and earlier). Root cause: the libraryResource path reading follows symbolic links outside the expected Pipeline library, enabling reading arbitrary files on the Jenkins controller filesystem. Impact: via cr...
CVE-2022-25177
Jenkins Pipeline: Shared Groovy Libraries Plugin 552.vd9cc05b8a2e1 and earlier follows symbolic links to locations outside of the expected Pipeline library when reading files using the libraryResource step, allowing attackers able to configure Pipelines to read arbitrary files on the Jenkins...
CVE-2022-25177
Jenkins Pipeline: Shared Groovy Libraries Plugin 552.vd9cc05b8a2e1 and earlier follows symbolic links to locations outside of the expected Pipeline library when reading files using the libraryResource step, allowing attackers able to configure Pipelines to read arbitrary files on the Jenkins...
CVE-2022-25174
Jenkins Pipeline: Shared Groovy Libraries Plugin 552.vd9cc05b8a2e1 and earlier uses the same checkout directories for distinct SCMs for Pipeline libraries, allowing attackers with Item/Configure permission to invoke arbitrary OS commands on the controller through crafted SCM contents...
CVE-2022-25174
Jenkins Pipeline: Shared Groovy Libraries Plugin 552.vd9cc05b8a2e1 and earlier uses the same checkout directories for distinct SCMs for Pipeline libraries, allowing attackers with Item/Configure permission to invoke arbitrary OS commands on the controller through crafted SCM contents...
CVE-2022-25174
CVE-2022-25174 affects Jenkins Pipeline: Shared Groovy Libraries Plugin (and related Pipeline plugins) where distinct SCMs shared checkout directories, enabling an attacker with Item/Configure permission to invoke arbitrary OS commands on the controller via crafted SCM contents. Public sources wi...
Jenkins 插件 代码注入漏洞
Jenkins plugins are plugins that provide functionality for Jenkins. A security vulnerability exists in the Jenkins Pipeline: Shared Groovy Libraries plugin 552.vd9cc05b8a2e1 and earlier versions, which stems from the use of the name of a pipeline library to create a cache directory without any...
PT-2022-17121 · Jenkins · Jenkins Pipeline: Shared Groovy Libraries Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Pipeline: Shared Groovy Libraries Plugin versions 552.vd9cc05b8a2e1 and earlier Description: A sandbox bypass issue allows attackers with Item/Configure permission to execute arbitrary code in the context of the Jenkins controller JVM...
Jenkins Pipeline 后置链接漏洞
Jenkins is a Jenkins open source application. An open source automation server Jenkins provides hundreds of plugins to support building, deploying and automating any project.Jenkins Pipeline Shared Groovy Libraries Plugin 552.vd9cc05b8a2e1 and earlier versions have an arbitrary file read...
PT-2022-17113 · Jenkins · Jenkins Pipeline: Shared Groovy Libraries Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Pipeline: Shared Groovy Libraries Plugin versions 552.vd9cc05b8a2e1 and earlier Jenkins Pipeline: Shared Groovy Libraries Plugin version 2.18.1 Jenkins Pipeline: Shared Groovy Libraries Plugin version 2.21.1 Description: The issue...
Jenkins Pipeline 路径遍历漏洞
Jenkins Pipeline is a set of plugins that support the implementation and integration of continuous delivery pipelines into Jenkins. A path traversal vulnerability exists in the Jenkins Pipeline Shared Groovy Libraries Plugin, which stems from the fact that Jenkins Pipeline Shared Groovy Libraries...
PT-2022-17116 · Jenkins · Jenkins Pipeline: Shared Groovy Libraries Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Pipeline: Shared Groovy Libraries Plugin versions 552.vd9cc05b8a2e1 and earlier Description: The issue allows attackers who can configure Pipelines to read arbitrary files on the Jenkins controller file system. This is because the...
Jenkins Pipeline 代码注入漏洞
Jenkins Pipeline is a set of plug-ins that support the implementation and integration of continuous delivery pipelines into Jenkins. A security vulnerability exists in Jenkins Jenkins Pipeline: Shared Groovy Libraries plugin 552.vd9cc05b8a2e1 and earlier versions, which can be exploited by an...