Jenkins REPO Plugin 信息泄露漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products. jenkins is an application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is an application software.Jenkins REPO Plugin 1.14.0 and...

PT-2022-20401 · Jenkins · Jenkins Git Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Git Plugin versions 4.11.1 and earlier Description: The issue allows attackers who can configure pipelines to check out some SCM repositories stored on the Jenkins controller's file system using local paths as SCM URLs. This enables...

workflow-cps-global-lib: Sandbox bypass vulnerability

A flaw was found in Jenkins. The Pipeline: Shared Groovy Libraries Plugin uses the same workspace directory for all checkouts of Pipeline libraries with the same name, regardless of the SCM used and the source of the library configuration. This flaw allows attackers with item/configure permission...

workflow-cps: OS command execution through crafted SCM contents

A flaw was found in Jenkins. The Pipeline: Groovy Plugin uses the same checkout directories for distinct SCMs when reading the script file typically Jenkinsfile for Pipelines. This flaw allows attackers with item/configure permission to invoke arbitrary OS commands on the controller through craft...

workflow-cps-global-lib: OS command execution through crafted SCM contents

A flaw was found in Jenkins. The JenkinsPipeline: Shared Groovy Libraries uses the same checkout directories for distinct SCMs for Pipeline libraries. This flaw allows attackers with item/configure permission to invoke arbitrary OS commands on the controller through crafted SCM contents. This...

workflow-cps: OS command execution through crafted SCM contents

A flaw was found in Jenkins. The Pipeline: Groovy Plugin uses the same checkout directories for distinct SCMs when reading the script file typically Jenkinsfile for Pipelines. This flaw allows attackers with item/configure permission to invoke arbitrary OS commands on the controller through craft...

workflow-cps-global-lib: OS command execution through crafted SCM contents

A flaw was found in Jenkins. The JenkinsPipeline: Shared Groovy Libraries uses the same checkout directories for distinct SCMs for Pipeline libraries. This flaw allows attackers with item/configure permission to invoke arbitrary OS commands on the controller through crafted SCM contents. This...

workflow-multibranch: OS command execution through crafted SCM contents

A flaw was found in Jenkins. The Pipeline: Multibranch uses the same checkout directories for distinct SCMs for the readTrusted step. This flaw allows attackers with item/configure permission to invoke arbitrary OS commands on the controller through crafted SCM contents.This allows attackers to...

workflow-cps-global-lib: Sandbox bypass vulnerability

A flaw was found in Jenkins. The Pipeline: Shared Groovy Libraries Plugin uses the same workspace directory for all checkouts of Pipeline libraries with the same name, regardless of the SCM used and the source of the library configuration. This flaw allows attackers with item/configure permission...

workflow-cps-global-lib: OS command execution through crafted SCM contents

A flaw was found in Jenkins. The JenkinsPipeline: Shared Groovy Libraries uses the same checkout directories for distinct SCMs for Pipeline libraries. This flaw allows attackers with item/configure permission to invoke arbitrary OS commands on the controller through crafted SCM contents. This...

CVE-2022-29047

A flaw was found in the Jenkins Pipeline: Shared Groovy Libraries plugin. The Jenkins Pipeline: Shared Groovy Libraries plugin allows attackers to submit pull requests. However, the attacker cannot commit directly to the configured Source Control Management SCM to effectively change the Pipeline...

workflow-cps-global-lib: Sandbox bypass vulnerability

A flaw was found in Jenkins. The Pipeline: Shared Groovy Libraries Plugin uses the same workspace directory for all checkouts of Pipeline libraries with the same name, regardless of the SCM used and the source of the library configuration. This flaw allows attackers with item/configure permission...

workflow-cps-global-lib: OS command execution through crafted SCM contents

A flaw was found in Jenkins. The JenkinsPipeline: Shared Groovy Libraries uses the same checkout directories for distinct SCMs for Pipeline libraries. This flaw allows attackers with item/configure permission to invoke arbitrary OS commands on the controller through crafted SCM contents. This...

workflow-multibranch: OS command execution through crafted SCM contents

A flaw was found in Jenkins. The Pipeline: Multibranch uses the same checkout directories for distinct SCMs for the readTrusted step. This flaw allows attackers with item/configure permission to invoke arbitrary OS commands on the controller through crafted SCM contents.This allows attackers to...

workflow-cps: OS command execution through crafted SCM contents

A flaw was found in Jenkins. The Pipeline: Groovy Plugin uses the same checkout directories for distinct SCMs when reading the script file typically Jenkinsfile for Pipelines. This flaw allows attackers with item/configure permission to invoke arbitrary OS commands on the controller through craft...

workflow-multibranch: OS command execution through crafted SCM contents

A flaw was found in Jenkins. The Pipeline: Multibranch uses the same checkout directories for distinct SCMs for the readTrusted step. This flaw allows attackers with item/configure permission to invoke arbitrary OS commands on the controller through crafted SCM contents.This allows attackers to...

jenkins-2-plugins/docker-commons: does not sanitize the name of an image or a tag which could result in an OS command execution

An OS command execution vulnerability was found in the Jenkins Docker Commons plugin. Due to a lack of sanitization in the name of an image or a tag, an attacker with Item/Configure permission or the ability to control the contents of a previously configured job’s SCM repository may be able to...

jenkins-2-plugins/docker-commons: does not sanitize the name of an image or a tag which could result in an OS command execution

An OS command execution vulnerability was found in the Jenkins Docker Commons plugin. Due to a lack of sanitization in the name of an image or a tag, an attacker with Item/Configure permission or the ability to control the contents of a previously configured job’s SCM repository may be able to...

CVE-2022-25175

Jenkins Pipeline: Multibranch Plugin 706.vd43c65dec013 and earlier uses the same checkout directories for distinct SCMs for the readTrusted step, allowing attackers with Item/Configure permission to invoke arbitrary OS commands on the controller through crafted SCM contents...

Jenkins Pipeline 操作系统命令注入漏洞

Jenkins Pipeline is a set of plug-ins that support the implementation and integration of continuous delivery pipelines into Jenkins. Jenkins Pipeline has a security vulnerability that can be exploited by an attacker to invoke arbitrary OS commands on the controller by crafting SCM content...