Lucene search
K

6 matches found

RedHat Linux
RedHat Linux
added 2022/03/29 7:5 a.m.4 views

workflow-cps-global-lib: Sandbox bypass vulnerability

A flaw was found in Jenkins. The Pipeline: Shared Groovy Libraries Plugin uses the same workspace directory for all checkouts of Pipeline libraries with the same name, regardless of the SCM used and the source of the library configuration. This flaw allows attackers with item/configure permission...

8.8CVSS6.1AI score0.01601EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2022/02/17 4:52 p.m.72 views

CVE-2022-25182

A flaw was found in Jenkins. The Pipeline: Shared Groovy Libraries Plugin uses the names of Pipeline libraries to create directories without canonicalization or sanitization. This flaw allows attackers with item/configure permission to execute arbitrary code in the context of the Jenkins...

8.8CVSS5.2AI score0.01601EPSS
Exploits0References3
NVD
NVD
added 2022/02/15 5:15 p.m.22 views

CVE-2022-25182

A sandbox bypass vulnerability in Jenkins Pipeline: Shared Groovy Libraries Plugin 552.vd9cc05b8a2e1 and earlier allows attackers with Item/Configure permission to execute arbitrary code on the Jenkins controller JVM using specially crafted library names if a global Pipeline library is already...

8.8CVSS0.01601EPSS
Exploits0References1
AlpineLinux
AlpineLinux
added 2022/02/15 4:11 p.m.49 views

CVE-2022-25183

Jenkins Pipeline: Shared Groovy Libraries Plugin 552.vd9cc05b8a2e1 and earlier uses the names of Pipeline libraries to create cache directories without any sanitization, allowing attackers with Item/Configure permission to execute arbitrary code in the context of the Jenkins controller JVM using...

8.8CVSS4.6AI score0.01571EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2022/02/15 12:0 a.m.1 views

PT-2022-17122 · Jenkins · Jenkins Pipeline: Deprecated Groovy Libraries Plugin +2

Name of the Vulnerable Software and Affected Versions: Jenkins Pipeline: Shared Groovy Libraries Plugin versions 552.vd9cc05b8a2e1 and earlier Jenkins Pipeline: Deprecated Groovy Libraries Plugin versions 552.vd9cc05b8a2e1 and earlier Description: A sandbox bypass issue allows attackers with...

8.8CVSS8.9AI score0.01601EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2022/02/15 12:0 a.m.2 views

PT-2022-17123 · Jenkins · Jenkins Pipeline: Shared Groovy Libraries Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Pipeline: Shared Groovy Libraries Plugin versions 552.vd9cc05b8a2e1 and earlier Description: The issue allows attackers with Item/Configure permission to execute arbitrary code in the context of the Jenkins controller JVM using...

8.8CVSS8.7AI score0.01571EPSS
Exploits0References8
Rows per page
Query Builder