Lucene search
K

58 matches found

RedHat Linux
RedHat Linux
added 2022/04/27 7:44 a.m.5 views

workflow-multibranch: OS command execution through crafted SCM contents

A flaw was found in Jenkins. The Pipeline: Multibranch uses the same checkout directories for distinct SCMs for the readTrusted step. This flaw allows attackers with item/configure permission to invoke arbitrary OS commands on the controller through crafted SCM contents.This allows attackers to...

8.8CVSS5.9AI score0.01404EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2022/04/13 1:49 p.m.3 views

workflow-multibranch: Pipeline-related plugins follow symbolic links or do not limit path names

A flaw was found in Jenkins. The Pipeline: Multibranch follows symbolic links to locations outside of the checkout directory for the configured SCM when reading files using the readTrusted step. This flaw allows attackers that can configure Pipelines, to read arbitrary files on the Jenkins...

6.5CVSS5.8AI score0.01786EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2022/04/13 1:49 p.m.3 views

workflow-multibranch: OS command execution through crafted SCM contents

A flaw was found in Jenkins. The Pipeline: Multibranch uses the same checkout directories for distinct SCMs for the readTrusted step. This flaw allows attackers with item/configure permission to invoke arbitrary OS commands on the controller through crafted SCM contents.This allows attackers to...

8.8CVSS5.9AI score0.01404EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2022/03/29 7:5 a.m.8 views

workflow-multibranch: OS command execution through crafted SCM contents

A flaw was found in Jenkins. The Pipeline: Multibranch uses the same checkout directories for distinct SCMs for the readTrusted step. This flaw allows attackers with item/configure permission to invoke arbitrary OS commands on the controller through crafted SCM contents.This allows attackers to...

8.8CVSS5.9AI score0.01404EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2022/03/29 7:5 a.m.6 views

workflow-multibranch: Pipeline-related plugins follow symbolic links or do not limit path names

A flaw was found in Jenkins. The Pipeline: Multibranch follows symbolic links to locations outside of the checkout directory for the configured SCM when reading files using the readTrusted step. This flaw allows attackers that can configure Pipelines, to read arbitrary files on the Jenkins...

6.5CVSS5.8AI score0.01786EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2022/03/28 11:56 a.m.5 views

workflow-multibranch: Pipeline-related plugins follow symbolic links or do not limit path names

A flaw was found in Jenkins. The Pipeline: Multibranch follows symbolic links to locations outside of the checkout directory for the configured SCM when reading files using the readTrusted step. This flaw allows attackers that can configure Pipelines, to read arbitrary files on the Jenkins...

6.5CVSS5.8AI score0.01786EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2022/03/28 11:56 a.m.11 views

workflow-multibranch: OS command execution through crafted SCM contents

A flaw was found in Jenkins. The Pipeline: Multibranch uses the same checkout directories for distinct SCMs for the readTrusted step. This flaw allows attackers with item/configure permission to invoke arbitrary OS commands on the controller through crafted SCM contents.This allows attackers to...

8.8CVSS5.9AI score0.01404EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2022/03/23 12:0 a.m.48 views

RHEL 7 / 8 : OpenShift Container Platform 4.8.35 (RHSA-2022:0871)

The remote Redhat Enterprise Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:0871 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or...

9CVSS7.5AI score0.7855EPSS
Exploits0References19
RedHat Linux
RedHat Linux
added 2022/03/22 5:31 p.m.2 views

workflow-multibranch: Pipeline-related plugins follow symbolic links or do not limit path names

A flaw was found in Jenkins. The Pipeline: Multibranch follows symbolic links to locations outside of the checkout directory for the configured SCM when reading files using the readTrusted step. This flaw allows attackers that can configure Pipelines, to read arbitrary files on the Jenkins...

6.5CVSS5.8AI score0.01786EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2022/03/22 5:31 p.m.4 views

workflow-multibranch: OS command execution through crafted SCM contents

A flaw was found in Jenkins. The Pipeline: Multibranch uses the same checkout directories for distinct SCMs for the readTrusted step. This flaw allows attackers with item/configure permission to invoke arbitrary OS commands on the controller through crafted SCM contents.This allows attackers to...

8.8CVSS5.9AI score0.01404EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2022/02/17 4:52 p.m.67 views

CVE-2022-25179

A flaw was found in Jenkins. The Pipeline: Multibranch follows symbolic links to locations outside of the checkout directory for the configured SCM when reading files using the readTrusted step. This flaw allows attackers that can configure Pipelines, to read arbitrary files on the Jenkins...

6.5CVSS3.6AI score0.01786EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2022/02/17 3:20 p.m.52 views

CVE-2022-25175

A flaw was found in Jenkins. The Pipeline: Multibranch uses the same checkout directories for distinct SCMs for the readTrusted step. This flaw allows attackers with item/configure permission to invoke arbitrary OS commands on the controller through crafted SCM contents.This allows attackers to...

8.8CVSS5.2AI score0.01404EPSS
Exploits0References3
CNVD
CNVD
added 2022/02/17 12:0 a.m.37 views

Jenkins Pipeline Multibranch Plugin Arbitrary File Read Vulnerability

Jenkins is a Jenkins open source application. An open source automation server Jenkins provides hundreds of plugins to support building, deploying and automating any project. Jenkins Pipeline Multibranch Plugin 706.vd43c65dec013 and earlier versions contain an arbitrary file reading vulnerability...

6.5CVSS0.8AI score0.01786EPSS
Exploits0References1
OSV
OSV
added 2022/02/16 12:1 a.m.37 views

GHSA-PJ84-QJM3-77MG Jenkins Pipeline: Multibranch Plugin vulnerable to OS Command Injection

Jenkins Pipeline: Multibranch Plugin 706.vd43c65dec013 and earlier uses distinct checkout directories per SCM for the readTrusted step, allowing attackers with Item/Configure permission to invoke arbitrary OS commands on the controller through crafted SCM contents...

8.8CVSS8.6AI score0.01404EPSS
Exploits0References3
vulnersOsv
vulnersOsv
added 2022/02/16 12:1 a.m.9 views

com.testinium.jenkins:testinium (=1.0), io.fabric8.jenkins.plugins:openshift-sync (>=0.9.1 <=1.0.45) +34 more potentially affected by CVE-2022-25175 via org.jenkins-ci.plugins.workflow:workflow-multibranch (>=2.0 <=2.9.2)

org.jenkins-ci.plugins.workflow:workflow-multibranch MAVEN version =2.0, =0.9.1, =1.0-alpha-1, =1.0-alpha-1, =1.0-alpha-1, =1.0.0, =1.0.0, =1.0-alpha-8, =1.0-alpha-4, =0.1-preview-1, =1.1.0, =1.0-alpha-1, =2021.12.0, =2.2.0, =2.0, =2.5 and more Source cves: CVE-2022-25175 Source advisory:...

8.8CVSS7.6AI score0.01404EPSS
Exploits0
Github Security Blog
Github Security Blog
added 2022/02/16 12:1 a.m.33 views

Jenkins Pipeline: Multibranch Plugin vulnerable to OS Command Injection

Jenkins Pipeline: Multibranch Plugin 706.vd43c65dec013 and earlier uses distinct checkout directories per SCM for the readTrusted step, allowing attackers with Item/Configure permission to invoke arbitrary OS commands on the controller through crafted SCM contents...

8.8CVSS4.4AI score0.01404EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2022/02/16 12:1 a.m.39 views

Link Following in Jenkins Pipeline Multibranch Plugin

Jenkins Pipeline: Multibranch Plugin prior to 2.23.1, 2.26.1, 696.698.v9b4218eea50f, and 707.v71c3f0a6ccdb follows symbolic links to locations outside of the checkout directory for the configured SCM when reading files using the readTrusted step, allowing attackers able to configure Pipelines...

6.5CVSS7.3AI score0.01786EPSS
Exploits0References4Affected Software1
vulnersOsv
vulnersOsv
added 2022/02/16 12:1 a.m.5 views

io.fabric8.jenkins.plugins:openshift-sync (>=0.9.1 <=1.0.45), io.jenkins.blueocean:blueocean (>=1.0-alpha-1 <=1.2.0-beta-1) +18 more potentially affected by CVE-2022-25179 via org.jenkins-ci.plugins.workflow:workflow-multibranch (>=2.0 <=2.20)

org.jenkins-ci.plugins.workflow:workflow-multibranch MAVEN version =2.0, =0.9.1, =1.0-alpha-1, =1.0-alpha-1, =1.0-alpha-1, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =0.1-preview-4, =1.1.0, =1.0-alpha-1, =2.0, =2.0, =1.0, =1.6, =1.6-beta-2 and more Source cves: CVE-2022-25179 Source advisory:...

6.5CVSS6.5AI score0.01786EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2022/02/16 12:1 a.m.7 views

io.jenkins.plugins:synopsys-sigma (>=2021.12.0 <=2022.1.0) potentially affected by CVE-2022-25179 via org.jenkins-ci.plugins.workflow:workflow-multibranch (=2.24)

org.jenkins-ci.plugins.workflow:workflow-multibranch MAVEN version =2.24 is affected by a known vulnerability. The following packages have a transitive dependency on org.jenkins-ci.plugins.workflow:workflow-multibranch and may be impacted: - io.jenkins.plugins:synopsys-sigma =2021.12.0, =2022.1.0...

6.5CVSS6.5AI score0.01786EPSS
Exploits0
OSV
OSV
added 2022/02/16 12:1 a.m.52 views

GHSA-2M9W-9XH2-WXC3 Link Following in Jenkins Pipeline Multibranch Plugin

Jenkins Pipeline: Multibranch Plugin prior to 2.23.1, 2.26.1, 696.698.v9b4218eea50f, and 707.v71c3f0a6ccdb follows symbolic links to locations outside of the checkout directory for the configured SCM when reading files using the readTrusted step, allowing attackers able to configure Pipelines...

6.5CVSS7.2AI score0.01786EPSS
Exploits0References3
Rows per page
Query Builder