58 matches found
workflow-multibranch: OS command execution through crafted SCM contents
A flaw was found in Jenkins. The Pipeline: Multibranch uses the same checkout directories for distinct SCMs for the readTrusted step. This flaw allows attackers with item/configure permission to invoke arbitrary OS commands on the controller through crafted SCM contents.This allows attackers to...
workflow-multibranch: Pipeline-related plugins follow symbolic links or do not limit path names
A flaw was found in Jenkins. The Pipeline: Multibranch follows symbolic links to locations outside of the checkout directory for the configured SCM when reading files using the readTrusted step. This flaw allows attackers that can configure Pipelines, to read arbitrary files on the Jenkins...
workflow-multibranch: OS command execution through crafted SCM contents
A flaw was found in Jenkins. The Pipeline: Multibranch uses the same checkout directories for distinct SCMs for the readTrusted step. This flaw allows attackers with item/configure permission to invoke arbitrary OS commands on the controller through crafted SCM contents.This allows attackers to...
workflow-multibranch: OS command execution through crafted SCM contents
A flaw was found in Jenkins. The Pipeline: Multibranch uses the same checkout directories for distinct SCMs for the readTrusted step. This flaw allows attackers with item/configure permission to invoke arbitrary OS commands on the controller through crafted SCM contents.This allows attackers to...
workflow-multibranch: Pipeline-related plugins follow symbolic links or do not limit path names
A flaw was found in Jenkins. The Pipeline: Multibranch follows symbolic links to locations outside of the checkout directory for the configured SCM when reading files using the readTrusted step. This flaw allows attackers that can configure Pipelines, to read arbitrary files on the Jenkins...
workflow-multibranch: Pipeline-related plugins follow symbolic links or do not limit path names
A flaw was found in Jenkins. The Pipeline: Multibranch follows symbolic links to locations outside of the checkout directory for the configured SCM when reading files using the readTrusted step. This flaw allows attackers that can configure Pipelines, to read arbitrary files on the Jenkins...
workflow-multibranch: OS command execution through crafted SCM contents
A flaw was found in Jenkins. The Pipeline: Multibranch uses the same checkout directories for distinct SCMs for the readTrusted step. This flaw allows attackers with item/configure permission to invoke arbitrary OS commands on the controller through crafted SCM contents.This allows attackers to...
RHEL 7 / 8 : OpenShift Container Platform 4.8.35 (RHSA-2022:0871)
The remote Redhat Enterprise Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:0871 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or...
workflow-multibranch: Pipeline-related plugins follow symbolic links or do not limit path names
A flaw was found in Jenkins. The Pipeline: Multibranch follows symbolic links to locations outside of the checkout directory for the configured SCM when reading files using the readTrusted step. This flaw allows attackers that can configure Pipelines, to read arbitrary files on the Jenkins...
workflow-multibranch: OS command execution through crafted SCM contents
A flaw was found in Jenkins. The Pipeline: Multibranch uses the same checkout directories for distinct SCMs for the readTrusted step. This flaw allows attackers with item/configure permission to invoke arbitrary OS commands on the controller through crafted SCM contents.This allows attackers to...
CVE-2022-25179
A flaw was found in Jenkins. The Pipeline: Multibranch follows symbolic links to locations outside of the checkout directory for the configured SCM when reading files using the readTrusted step. This flaw allows attackers that can configure Pipelines, to read arbitrary files on the Jenkins...
CVE-2022-25175
A flaw was found in Jenkins. The Pipeline: Multibranch uses the same checkout directories for distinct SCMs for the readTrusted step. This flaw allows attackers with item/configure permission to invoke arbitrary OS commands on the controller through crafted SCM contents.This allows attackers to...
Jenkins Pipeline Multibranch Plugin Arbitrary File Read Vulnerability
Jenkins is a Jenkins open source application. An open source automation server Jenkins provides hundreds of plugins to support building, deploying and automating any project. Jenkins Pipeline Multibranch Plugin 706.vd43c65dec013 and earlier versions contain an arbitrary file reading vulnerability...
GHSA-PJ84-QJM3-77MG Jenkins Pipeline: Multibranch Plugin vulnerable to OS Command Injection
Jenkins Pipeline: Multibranch Plugin 706.vd43c65dec013 and earlier uses distinct checkout directories per SCM for the readTrusted step, allowing attackers with Item/Configure permission to invoke arbitrary OS commands on the controller through crafted SCM contents...
com.testinium.jenkins:testinium (=1.0), io.fabric8.jenkins.plugins:openshift-sync (>=0.9.1 <=1.0.45) +34 more potentially affected by CVE-2022-25175 via org.jenkins-ci.plugins.workflow:workflow-multibranch (>=2.0 <=2.9.2)
org.jenkins-ci.plugins.workflow:workflow-multibranch MAVEN version =2.0, =0.9.1, =1.0-alpha-1, =1.0-alpha-1, =1.0-alpha-1, =1.0.0, =1.0.0, =1.0-alpha-8, =1.0-alpha-4, =0.1-preview-1, =1.1.0, =1.0-alpha-1, =2021.12.0, =2.2.0, =2.0, =2.5 and more Source cves: CVE-2022-25175 Source advisory:...
Jenkins Pipeline: Multibranch Plugin vulnerable to OS Command Injection
Jenkins Pipeline: Multibranch Plugin 706.vd43c65dec013 and earlier uses distinct checkout directories per SCM for the readTrusted step, allowing attackers with Item/Configure permission to invoke arbitrary OS commands on the controller through crafted SCM contents...
Link Following in Jenkins Pipeline Multibranch Plugin
Jenkins Pipeline: Multibranch Plugin prior to 2.23.1, 2.26.1, 696.698.v9b4218eea50f, and 707.v71c3f0a6ccdb follows symbolic links to locations outside of the checkout directory for the configured SCM when reading files using the readTrusted step, allowing attackers able to configure Pipelines...
io.fabric8.jenkins.plugins:openshift-sync (>=0.9.1 <=1.0.45), io.jenkins.blueocean:blueocean (>=1.0-alpha-1 <=1.2.0-beta-1) +18 more potentially affected by CVE-2022-25179 via org.jenkins-ci.plugins.workflow:workflow-multibranch (>=2.0 <=2.20)
org.jenkins-ci.plugins.workflow:workflow-multibranch MAVEN version =2.0, =0.9.1, =1.0-alpha-1, =1.0-alpha-1, =1.0-alpha-1, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =0.1-preview-4, =1.1.0, =1.0-alpha-1, =2.0, =2.0, =1.0, =1.6, =1.6-beta-2 and more Source cves: CVE-2022-25179 Source advisory:...
io.jenkins.plugins:synopsys-sigma (>=2021.12.0 <=2022.1.0) potentially affected by CVE-2022-25179 via org.jenkins-ci.plugins.workflow:workflow-multibranch (=2.24)
org.jenkins-ci.plugins.workflow:workflow-multibranch MAVEN version =2.24 is affected by a known vulnerability. The following packages have a transitive dependency on org.jenkins-ci.plugins.workflow:workflow-multibranch and may be impacted: - io.jenkins.plugins:synopsys-sigma =2021.12.0, =2022.1.0...
GHSA-2M9W-9XH2-WXC3 Link Following in Jenkins Pipeline Multibranch Plugin
Jenkins Pipeline: Multibranch Plugin prior to 2.23.1, 2.26.1, 696.698.v9b4218eea50f, and 707.v71c3f0a6ccdb follows symbolic links to locations outside of the checkout directory for the configured SCM when reading files using the readTrusted step, allowing attackers able to configure Pipelines...