154 matches found

Positive Technologies
added 2022/02/15 12:0 a.m. · 1 views

PT-2022-17121 · Jenkins · Jenkins Pipeline: Shared Groovy Libraries Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Pipeline: Shared Groovy Libraries Plugin versions 552.vd9cc05b8a2e1 and earlier Description: A sandbox bypass issue allows attackers with Item/Configure permission to execute arbitrary code in the context of the Jenkins controller JVM...

CVSS 8.8 · AI score 8.8 · EPSS 0.01541
Exploits 0 · References 8
Tenable Nessus
added 2021/12/03 12:0 a.m. · 39 views

RHEL 8 : OpenShift Container Platform 4.6.51 (RHSA-2021:4799)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:4799 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or privat...

CVSS 9.8 · AI score 8.1 · EPSS 0.02451
Exploits 0 · References 30
RedHat Linux
added 2021/12/02 10:4 p.m. · 3 views

jenkins: Agent-to-controller access control allowed writing to sensitive directory used by Pipeline: Shared Groovy Libraries Plugin

An incorrect permissions validation vulnerability was found in Jenkins. An agent process read/write access to the libs/ directory inside build directories when using the FilePath APIs is not limited. This allows attackers in control of agent processes to replace the code of a trusted library with...

CVSS 9.8 · AI score 6.1 · EPSS 0.0232
Exploits 0 · References 5
RedHat Linux
added 2021/12/02 6:37 p.m. · 2 views

jenkins: Agent-to-controller access control allowed writing to sensitive directory used by Pipeline: Shared Groovy Libraries Plugin

An incorrect permissions validation vulnerability was found in Jenkins. An agent process read/write access to the libs/ directory inside build directories when using the FilePath APIs is not limited. This allows attackers in control of agent processes to replace the code of a trusted library with...

CVSS 9.8 · AI score 6.1 · EPSS 0.0232
Exploits 0 · References 5
RedHat Linux
added 2021/12/01 12:28 p.m. · 3 views

jenkins: Agent-to-controller access control allowed writing to sensitive directory used by Pipeline: Shared Groovy Libraries Plugin

An incorrect permissions validation vulnerability was found in Jenkins. An agent process read/write access to the libs/ directory inside build directories when using the FilePath APIs is not limited. This allows attackers in control of agent processes to replace the code of a trusted library with...

CVSS 9.8 · AI score 6.1 · EPSS 0.0232
Exploits 0 · References 5
RedHat Linux
added 2021/11/30 9:11 a.m. · 4 views

jenkins: Agent-to-controller access control allowed writing to sensitive directory used by Pipeline: Shared Groovy Libraries Plugin

An incorrect permissions validation vulnerability was found in Jenkins. An agent process read/write access to the libs/ directory inside build directories when using the FilePath APIs is not limited. This allows attackers in control of agent processes to replace the code of a trusted library with...

CVSS 9.8 · AI score 6.1 · EPSS 0.0232
Exploits 0 · References 5
RedHat Linux
added 2021/11/29 10:40 a.m. · 2 views

jenkins: Agent-to-controller access control allowed writing to sensitive directory used by Pipeline: Shared Groovy Libraries Plugin

An incorrect permissions validation vulnerability was found in Jenkins. An agent process read/write access to the libs/ directory inside build directories when using the FilePath APIs is not limited. This allows attackers in control of agent processes to replace the code of a trusted library with...

CVSS 9.8 · AI score 6.1 · EPSS 0.0232
Exploits 0 · References 5
Positive Technologies
added 2021/11/04 12:0 a.m. · 2 views

PT-2021-4993 · Jenkins · Remoting Security Workaround Plugin +2

Name of the Vulnerable Software and Affected Versions: Jenkins versions 2.318 and earlier, LTS versions 2.303.2 and earlier Description: The issue is related to the implementation of the FilePath API in the Jenkins automation server, which does not limit agent read/write access to the libs/...

CVSS 9.8 · AI score 9.4 · EPSS 0.0232
Exploits 0 · References 14
RedhatCVE
added 2019/10/05 9:39 a.m. · 27 views

CVE-2019-10357

A missing permission check in Jenkins Pipeline: Shared Groovy Libraries Plugin 2.14 and earlier allowed users with Overall/Read access to obtain limited information about the content of SCM repositories referenced by global libraries...

CVSS 4.3 · AI score 2.6 · EPSS 0.01213
Exploits 0 · References 4
RedHat Linux
added 2019/09/11 5:41 a.m. · 2 views

jenkins-plugin-workflow-cps-global-lib: Missing permission check in Pipeline: Shared Groovy Libraries Plugin

A missing permission check in Jenkins Pipeline: Shared Groovy Libraries Plugin 2.14 and earlier allowed users with Overall/Read access to obtain limited information about the content of SCM repositories referenced by global libraries...

CVSS 4.3 · AI score 5.8 · EPSS 0.01213
Exploits 0 · References 5
RedHat Linux
added 2019/09/04 7:18 a.m. · 3 views

jenkins-plugin-workflow-cps-global-lib: Missing permission check in Pipeline: Shared Groovy Libraries Plugin

A missing permission check in Jenkins Pipeline: Shared Groovy Libraries Plugin 2.14 and earlier allowed users with Overall/Read access to obtain limited information about the content of SCM repositories referenced by global libraries...

CVSS 4.3 · AI score 5.8 · EPSS 0.01213
Exploits 0 · References 5
NVD
added 2019/07/31 1:15 p.m. · 17 views

CVE-2019-10357

A missing permission check in Jenkins Pipeline: Shared Groovy Libraries Plugin 2.14 and earlier allowed users with Overall/Read access to obtain limited information about the content of SCM repositories referenced by global libraries...

CVSS 4.3 · AI score 4.3 · EPSS 0.01213
Exploits 0 · References 5
OSV
added 2019/07/31 1:15 p.m. · 19 views

CVE-2019-10357

A missing permission check in Jenkins Pipeline: Shared Groovy Libraries Plugin 2.14 and earlier allowed users with Overall/Read access to obtain limited information about the content of SCM repositories referenced by global libraries...

CVSS 4.3 · AI score 6.1
Exploits 0 · References 5
Positive Technologies
added 2019/07/31 12:0 a.m. · 5 views

PT-2019-11753 · Jenkins · Jenkins Pipeline: Shared Groovy Libraries Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Pipeline: Shared Groovy Libraries Plugin versions 2.14 and earlier Description: A missing permission check in the plugin allowed users with Overall/Read access to obtain limited information about the content of SCM repositories...

CVSS 4.3 · AI score 4.5 · EPSS 0.01213
Exploits 0 · References 10