Lucene search
+L

83 matches found

Vulnrichment
Vulnrichment
added 2022/04/12 7:50 p.m.16 views

CVE-2022-29047

Jenkins Pipeline: Shared Groovy Libraries Plugin 564.ve62a4ebbe039 and earlier, except 2.21.3, allows attackers able to submit pull requests or equivalent, but not able to commit directly to the configured SCM, to effectively change the Pipeline behavior by changing the definition of a dynamicall...

6.5AI score0.01116EPSS
Exploits0References1
CVE
CVE
added 2022/04/12 7:50 p.m.197 views

CVE-2022-29047

CVE-2022-29047 affects Jenkins Pipeline: Shared Groovy Libraries Plugin (versions 564.ve62a_4eb_b_e039 and earlier, except 2.21.3). The vulnerability allows attackers who can submit pull requests (but cannot commit to SCM) to change the definition of a dynamically retrieved library, effectively a...

5.3CVSS5.3AI score0.01116EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2022/04/12 12:0 a.m.4 views

Jenkins Pipeline访问控制错误漏洞

Jenkins is a Jenkins open source application. An open source automation server Jenkins provides hundreds of plugins to support building, deploying and automating any project.Jenkins Pipeline is a suite of plugins that support the implementation and integration of continuous delivery pipelines int...

5.3CVSS5.8AI score0.01116EPSS
Exploits0References12
RedHat Linux
RedHat Linux
added 2022/03/29 7:5 a.m.4 views

workflow-cps-global-lib: Sandbox bypass vulnerability

A flaw was found in Jenkins. The Pipeline: Shared Groovy Libraries Plugin uses the same workspace directory for all checkouts of Pipeline libraries with the same name, regardless of the SCM used and the source of the library configuration. This flaw allows attackers with item/configure permission...

8.8CVSS6.1AI score0.01601EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2022/03/29 7:5 a.m.5 views

workflow-cps-global-lib: Sandbox bypass vulnerability

A flaw was found in Jenkins. The Pipeline: Shared Groovy Libraries plugin uses the names of Pipeline libraries to create cache directories without any sanitization. This flaw allows attackers with item/configure permission to execute arbitrary code in the context of the Jenkins controller JVM,...

8.8CVSS6.1AI score0.01571EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2022/03/28 11:56 a.m.12 views

workflow-cps-global-lib: Sandbox bypass vulnerability

A flaw was found in Jenkins. The Pipeline: Shared Groovy Libraries Plugin uses the names of Pipeline libraries to create directories without canonicalization or sanitization. This flaw allows attackers with item/configure permission to execute arbitrary code in the context of the Jenkins...

8.8CVSS6.1AI score0.01601EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2022/03/28 11:56 a.m.10 views

workflow-cps-global-lib: Sandbox bypass vulnerability

A flaw was found in Jenkins. The Pipeline: Shared Groovy Libraries plugin uses the names of Pipeline libraries to create cache directories without any sanitization. This flaw allows attackers with item/configure permission to execute arbitrary code in the context of the Jenkins controller JVM,...

8.8CVSS6.1AI score0.01571EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2022/03/28 11:56 a.m.8 views

workflow-cps-global-lib: Pipeline-related plugins follow symbolic links or do not limit path names

A flaw was found in Jenkins. The Pipeline: Shared Groovy Libraries follows symbolic links to locations outside of the expected Pipeline library when reading files using the libraryResource step. This flaw allows attackers who can configure Pipelines to read arbitrary files on the Jenkins controll...

6.5CVSS5.8AI score0.01742EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2022/03/28 11:56 a.m.13 views

workflow-cps-global-lib: Sandbox bypass vulnerability

A flaw was found in Jenkins. The Pipeline: Shared Groovy Libraries Plugin uses the same workspace directory for all checkouts of Pipeline libraries with the same name, regardless of the SCM used and the source of the library configuration. This flaw allows attackers with item/configure permission...

8.8CVSS6.1AI score0.01601EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2022/03/22 5:31 p.m.5 views

workflow-cps-global-lib: Sandbox bypass vulnerability

A flaw was found in Jenkins. The Pipeline: Shared Groovy Libraries Plugin uses the same workspace directory for all checkouts of Pipeline libraries with the same name, regardless of the SCM used and the source of the library configuration. This flaw allows attackers with item/configure permission...

8.8CVSS6.1AI score0.01601EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2022/03/22 5:31 p.m.4 views

workflow-cps-global-lib: Sandbox bypass vulnerability

A flaw was found in Jenkins. The Pipeline: Shared Groovy Libraries Plugin uses the names of Pipeline libraries to create directories without canonicalization or sanitization. This flaw allows attackers with item/configure permission to execute arbitrary code in the context of the Jenkins...

8.8CVSS6.1AI score0.01601EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2022/03/22 5:31 p.m.8 views

workflow-cps-global-lib: Sandbox bypass vulnerability

A flaw was found in Jenkins. The Pipeline: Shared Groovy Libraries plugin uses the names of Pipeline libraries to create cache directories without any sanitization. This flaw allows attackers with item/configure permission to execute arbitrary code in the context of the Jenkins controller JVM,...

8.8CVSS6.1AI score0.01571EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2022/02/17 4:52 p.m.72 views

CVE-2022-25182

A flaw was found in Jenkins. The Pipeline: Shared Groovy Libraries Plugin uses the names of Pipeline libraries to create directories without canonicalization or sanitization. This flaw allows attackers with item/configure permission to execute arbitrary code in the context of the Jenkins...

8.8CVSS5.2AI score0.01601EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2022/02/17 4:52 p.m.56 views

CVE-2022-25183

A flaw was found in Jenkins. The Pipeline: Shared Groovy Libraries plugin uses the names of Pipeline libraries to create cache directories without any sanitization. This flaw allows attackers with item/configure permission to execute arbitrary code in the context of the Jenkins controller JVM,...

8.8CVSS4AI score0.01571EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2022/02/17 3:47 p.m.54 views

CVE-2022-25174

A flaw was found in Jenkins. The JenkinsPipeline: Shared Groovy Libraries uses the same checkout directories for distinct SCMs for Pipeline libraries. This flaw allows attackers with item/configure permission to invoke arbitrary OS commands on the controller through crafted SCM contents. This...

8.8CVSS5.5AI score0.01443EPSS
Exploits0References3
OSV
OSV
added 2022/02/16 12:1 a.m.21 views

GHSA-G9FX-6J5C-GRMW Improper Neutralization of Special Elements used in an OS Command in Jenkins Pipeline: Shared Groovy Libraries Plugin

Jenkins Pipeline: Shared Groovy Libraries Plugin prior to 561.vace0de3c2d69, 2.21.1, and 2.18.1 uses the same checkout directories for distinct SCMs for Pipeline libraries, allowing attackers with Item/Configure permission to invoke arbitrary OS commands on the controller through crafted SCM...

8.8CVSS8.6AI score0.01443EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2022/02/16 12:1 a.m.37 views

Improper Neutralization of Special Elements used in an OS Command in Jenkins Pipeline: Shared Groovy Libraries Plugin

Jenkins Pipeline: Shared Groovy Libraries Plugin prior to 561.vace0de3c2d69, 2.21.1, and 2.18.1 uses the same checkout directories for distinct SCMs for Pipeline libraries, allowing attackers with Item/Configure permission to invoke arbitrary OS commands on the controller through crafted SCM...

8.8CVSS8.4AI score0.01443EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2022/02/16 12:1 a.m.23 views

GHSA-Q234-X887-9RXH Improper Link Resolution Before File Access in Jenkins Pipeline: Shared Groovy Libraries Plugin

Jenkins Pipeline: Shared Groovy Libraries Plugin 552.vd9cc05b8a2e1 and earlier follows symbolic links to locations outside of the expected Pipeline library when reading files using the libraryResource step, allowing attackers able to configure Pipelines to read arbitrary files on the Jenkins...

6.5CVSS7.2AI score0.01742EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2022/02/16 12:1 a.m.30 views

Improper Link Resolution Before File Access in Jenkins Pipeline: Shared Groovy Libraries Plugin

Jenkins Pipeline: Shared Groovy Libraries Plugin 552.vd9cc05b8a2e1 and earlier follows symbolic links to locations outside of the expected Pipeline library when reading files using the libraryResource step, allowing attackers able to configure Pipelines to read arbitrary files on the Jenkins...

6.5CVSS2.3AI score0.01742EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2022/02/16 12:1 a.m.29 views

Improper Limitation of a Pathname to a Restricted Directory in Jenkins Pipeline: Shared Groovy Libraries Plugin

Jenkins Pipeline: Shared Groovy Libraries Plugin does not restrict the names of resources passed to the libraryResource step, allowing attackers able to configure Pipelines permission to read arbitrary files on the Jenkins controller file system...

6.5CVSS7.2AI score0.01668EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder