CVE-2022-30952

Jenkins Pipeline SCM API for Blue Ocean Plugin 1.25.3 and earlier allows attackers with Job/Configure permission to access credentials with attacker-specified IDs stored in the private per-user credentials stores of any attacker-specified user in Jenkins...

Jenkins plugins Multiple Vulnerabilities (2022-05-17)

According to their self-reported version numbers, the version of Jenkins plugins running on the remote web server are affected by multiple vulnerabilities: - Jenkins Pipeline: Groovy Plugin 2689.v434009a31bf1 and earlier allows loading any Groovy source files on the classpath of Jenkins and Jenki...

io.jenkins.blueocean:blueocean (>=1.1.0 <=1.1.7), io.jenkins.blueocean:blueocean-events (>=1.1.0 <=1.1.7) +3 more potentially affected by CVE-2022-30952 via io.jenkins.blueocean:blueocean-pipeline-scm-api (>=1.1.0-beta-4 <=1.1.7)

io.jenkins.blueocean:blueocean-pipeline-scm-api MAVEN version =1.1.0-beta-4, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.7 Source cves: CVE-2022-30952 Source advisory: OSV:GHSA-G74W-93CP-5P3P...