17 matches found
EUVD-2022-1130
Malicious code in bioql PyPI...
GHSA-PJ84-QJM3-77MG Jenkins Pipeline: Multibranch Plugin vulnerable to OS Command Injection
Jenkins Pipeline: Multibranch Plugin 706.vd43c65dec013 and earlier uses distinct checkout directories per SCM for the readTrusted step, allowing attackers with Item/Configure permission to invoke arbitrary OS commands on the controller through crafted SCM contents...
GHSA-2M9W-9XH2-WXC3 Link Following in Jenkins Pipeline Multibranch Plugin
Jenkins Pipeline: Multibranch Plugin prior to 2.23.1, 2.26.1, 696.698.v9b4218eea50f, and 707.v71c3f0a6ccdb follows symbolic links to locations outside of the checkout directory for the configured SCM when reading files using the readTrusted step, allowing attackers able to configure Pipelines...
CVE-2022-25179
Jenkins Pipeline: Multibranch Plugin 706.vd43c65dec013 and earlier follows symbolic links to locations outside of the checkout directory for the configured SCM when reading files using the readTrusted step, allowing attackers able to configure Pipelines permission to read arbitrary files on the...
CVE-2022-25175
Jenkins Pipeline: Multibranch Plugin 706.vd43c65dec013 and earlier uses the same checkout directories for distinct SCMs for the readTrusted step, allowing attackers with Item/Configure permission to invoke arbitrary OS commands on the controller through crafted SCM contents...
CVE-2022-25175
Jenkins Pipeline: Multibranch Plugin 706.vd43c65dec013 and earlier uses the same checkout directories for distinct SCMs for the readTrusted step, allowing attackers with Item/Configure permission to invoke arbitrary OS commands on the controller through crafted SCM contents...
CVE-2022-25179
Jenkins Pipeline: Multibranch Plugin 706.vd43c65dec013 and earlier follows symbolic links to locations outside of the checkout directory for the configured SCM when reading files using the readTrusted step, allowing attackers able to configure Pipelines permission to read arbitrary files on the...
Design/Logic Flaw
Jenkins Pipeline: Multibranch Plugin 706.vd43c65dec013 and earlier uses the same checkout directories for distinct SCMs for the readTrusted step, allowing attackers with Item/Configure permission to invoke arbitrary OS commands on the controller through crafted SCM contents...
CVE-2022-25175
Jenkins Pipeline: Multibranch Plugin 706.vd43c65dec013 and earlier uses the same checkout directories for distinct SCMs for the readTrusted step, allowing attackers with Item/Configure permission to invoke arbitrary OS commands on the controller through crafted SCM contents...
Design/Logic Flaw
Jenkins Pipeline: Multibranch Plugin 706.vd43c65dec013 and earlier follows symbolic links to locations outside of the checkout directory for the configured SCM when reading files using the readTrusted step, allowing attackers able to configure Pipelines permission to read arbitrary files on the...
CVE-2022-25179
CVE-2022-25179 affects Jenkins Pipeline: Multibranch Plugin (706.vd43c65dec013 and earlier). The issue: the readTrusted step can follow symbolic links outside the configured SCM checkout, allowing attackers with Pipeline Configure permission to read arbitrary files on the Jenkins controller files...
CVE-2022-25175
Jenkins Pipeline: Multibranch Plugin 706.vd43c65dec013 and earlier uses the same checkout directories for distinct SCMs for the readTrusted step, allowing attackers with Item/Configure permission to invoke arbitrary OS commands on the controller through crafted SCM contents...
Jenkins Pipeline: Multibranch Plugin 操作系统命令注入漏洞
Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. Jenkins Pipeline:...
PT-2022-17114 · Jenkins · Jenkins Pipeline: Multibranch Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Pipeline: Multibranch Plugin versions 706.vd43c65dec013 and earlier Description: The issue allows attackers with Item/Configure permission to invoke arbitrary OS commands on the controller through crafted SCM contents. This is possibl...
CVE-2022-25175
Jenkins Pipeline: Multibranch Plugin 706.vd43c65dec013 and earlier uses the same checkout directories for distinct SCMs for the readTrusted step, allowing attackers with Item/Configure permission to invoke arbitrary OS commands on the controller through crafted SCM contents...
CVE-2022-25179
Jenkins Pipeline: Multibranch Plugin 706.vd43c65dec013 and earlier follows symbolic links to locations outside of the checkout directory for the configured SCM when reading files using the readTrusted step, allowing attackers able to configure Pipelines permission to read arbitrary files on the...
CVE-2022-25175
CVE-2022-25175 affects Jenkins Pipeline: Multibranch Plugin (up to 706.vd43c65dec013 and older) where readTrusted uses the same checkout directories for distinct SCMs. This enables attackers with Item/Configure permission to invoke arbitrary OS commands on the controller via crafted SCM contents....