83 matches found
RHCOS 3 : Red Hat OpenShift Container Platform 3.11 jenkins-2-plugins (RHSA-2019:2651)
The remote Red Hat Enterprise Linux CoreOS 3 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2019:2651 advisory. - jenkins-plugin-script-security: Sandbox bypass through type casts in Script Security Plugin CVE-2019-10355 -...
Libraries: Untrusted users can modify some Pipeline libraries in Pipeline Shared Groovy Libraries Plugin
A flaw was found in the Jenkins Pipeline: Shared Groovy Libraries plugin. The Jenkins Pipeline: Shared Groovy Libraries plugin allows attackers to submit pull requests. However, the attacker cannot commit directly to the configured Source Control Management SCM to effectively change the Pipeline...
Libraries: Untrusted users can modify some Pipeline libraries in Pipeline Shared Groovy Libraries Plugin
A flaw was found in the Jenkins Pipeline: Shared Groovy Libraries plugin. The Jenkins Pipeline: Shared Groovy Libraries plugin allows attackers to submit pull requests. However, the attacker cannot commit directly to the configured Source Control Management SCM to effectively change the Pipeline...
RHEL 8 : OpenShift Container Platform 4.7.52 paackages (RHSA-2022:4909)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2022:4909 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or privat...
Libraries: Untrusted users can modify some Pipeline libraries in Pipeline Shared Groovy Libraries Plugin
A flaw was found in the Jenkins Pipeline: Shared Groovy Libraries plugin. The Jenkins Pipeline: Shared Groovy Libraries plugin allows attackers to submit pull requests. However, the attacker cannot commit directly to the configured Source Control Management SCM to effectively change the Pipeline...
Missing Authorization in Jenkins Pipeline: Shared Groovy Libraries Plugin
A missing permission check in Jenkins Pipeline: Shared Groovy Libraries Plugin 2.14 and earlier allowed users with Overall/Read access to obtain limited information about the content of SCM repositories referenced by global libraries...
RHEL 8 : OpenShift Container Platform 4.9.33 (RHSA-2022:2205)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2022:2205 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or privat...
Libraries: Untrusted users can modify some Pipeline libraries in Pipeline Shared Groovy Libraries Plugin
A flaw was found in the Jenkins Pipeline: Shared Groovy Libraries plugin. The Jenkins Pipeline: Shared Groovy Libraries plugin allows attackers to submit pull requests. However, the attacker cannot commit directly to the configured Source Control Management SCM to effectively change the Pipeline...
Jenkins Enterprise and Operations Center 2.303.x < 2.303.30.0.10 / 2.332.2.6 Multiple Vulnerabilities (CloudBees Security Advisory 2022-04-12)
The version of Jenkins Enterprise or Jenkins Operations Center running on the remote web server is 2.303.x prior to 2.303.30.0.10, or 2.x prior to 2.332.2.6. It is, therefore, affected by multiple vulnerabilities, including the following: - Jenkins Pipeline: Shared Groovy Libraries Plugin...
workflow-cps-global-lib: Pipeline-related plugins follow symbolic links or do not limit path names
A flaw was found in Jenkins. The Pipeline: Shared Groovy Libraries does not restrict the names of resources passed to the libraryResource step. This flaw allows attackers who can configure Pipelines to read arbitrary files on the Jenkins controller file system...
workflow-cps-global-lib: Sandbox bypass vulnerability
A flaw was found in Jenkins. The Pipeline: Shared Groovy Libraries plugin uses the names of Pipeline libraries to create cache directories without any sanitization. This flaw allows attackers with item/configure permission to execute arbitrary code in the context of the Jenkins controller JVM,...
Sandbox Bypass
Jenkins Pipeline is vulnerable to sandbox bypass. It uses the names of Pipeline libraries to create cache directories without any sanitization, allowing attackers with Item/Configure permission to execute arbitrary code in the context of the Jenkins controller JVM using specially crafted library...
workflow-cps-global-lib: Sandbox bypass vulnerability
A flaw was found in Jenkins. The Pipeline: Shared Groovy Libraries plugin uses the names of Pipeline libraries to create cache directories without any sanitization. This flaw allows attackers with item/configure permission to execute arbitrary code in the context of the Jenkins controller JVM,...
workflow-cps-global-lib: Pipeline-related plugins follow symbolic links or do not limit path names
A flaw was found in Jenkins. The Pipeline: Shared Groovy Libraries follows symbolic links to locations outside of the expected Pipeline library when reading files using the libraryResource step. This flaw allows attackers who can configure Pipelines to read arbitrary files on the Jenkins controll...
workflow-cps-global-lib: OS command execution through crafted SCM contents
A flaw was found in Jenkins. The JenkinsPipeline: Shared Groovy Libraries uses the same checkout directories for distinct SCMs for Pipeline libraries. This flaw allows attackers with item/configure permission to invoke arbitrary OS commands on the controller through crafted SCM contents. This...
CVE-2022-29047
A flaw was found in the Jenkins Pipeline: Shared Groovy Libraries plugin. The Jenkins Pipeline: Shared Groovy Libraries plugin allows attackers to submit pull requests. However, the attacker cannot commit directly to the configured Source Control Management SCM to effectively change the Pipeline...
CVE-2022-29047
Jenkins Pipeline: Shared Groovy Libraries Plugin 564.ve62a4ebbe039 and earlier, except 2.21.3, allows attackers able to submit pull requests or equivalent, but not able to commit directly to the configured SCM, to effectively change the Pipeline behavior by changing the definition of a dynamicall...
CVE-2022-29047
Jenkins Pipeline: Shared Groovy Libraries Plugin 564.ve62a4ebbe039 and earlier, except 2.21.3, allows attackers able to submit pull requests or equivalent, but not able to commit directly to the configured SCM, to effectively change the Pipeline behavior by changing the definition of a dynamicall...
Design/Logic Flaw
Jenkins Pipeline: Shared Groovy Libraries Plugin 564.ve62a4ebbe039 and earlier, except 2.21.3, allows attackers able to submit pull requests or equivalent, but not able to commit directly to the configured SCM, to effectively change the Pipeline behavior by changing the definition of a dynamicall...
CVE-2022-29047
Jenkins Pipeline: Shared Groovy Libraries Plugin 564.ve62a4ebbe039 and earlier, except 2.21.3, allows attackers able to submit pull requests or equivalent, but not able to commit directly to the configured SCM, to effectively change the Pipeline behavior by changing the definition of a dynamicall...