Lucene search
+L

83 matches found

CVE
CVE
added 2022/02/15 4:11 p.m.228 views

CVE-2022-25181

The CVE-2022-25181 issue is a sandbox bypass in Jenkins Pipeline: Shared Groovy Libraries Plugin (552.vd9cc05b8a2e1 and earlier). An attacker with Item/Configure permission can execute arbitrary code in the Jenkins controller JVM through crafted SCM contents if a global Pipeline library exists. T...

8.8CVSS8.7AI score0.01601EPSS
Exploits0References1Affected Software1
AlpineLinux
AlpineLinux
added 2022/02/15 4:10 p.m.91 views

CVE-2022-25178

Jenkins Pipeline: Shared Groovy Libraries Plugin 552.vd9cc05b8a2e1 and earlier does not restrict the names of resources passed to the libraryResource step, allowing attackers able to configure Pipelines permission to read arbitrary files on the Jenkins controller file system...

6.5CVSS4.2AI score0.01668EPSS
Exploits0References1
Cvelist
Cvelist
added 2022/02/15 4:10 p.m.32 views

CVE-2022-25178

Jenkins Pipeline: Shared Groovy Libraries Plugin 552.vd9cc05b8a2e1 and earlier does not restrict the names of resources passed to the libraryResource step, allowing attackers able to configure Pipelines permission to read arbitrary files on the Jenkins controller file system...

7.5AI score0.01668EPSS
Exploits0References1
CVE
CVE
added 2022/02/15 4:10 p.m.300 views

CVE-2022-25178

CVE-2022-25178 affects Jenkins Pipeline: Shared Groovy Libraries Plugin (552.vd9cc05b8a2e1 and earlier). The vulnerability arises because the plugin does not restrict the names of resources passed to the libraryResource step, enabling attackers with Pipeline configuration permissions to read arbi...

6.5CVSS6.4AI score0.01668EPSS
Exploits0References1Affected Software1
AlpineLinux
AlpineLinux
added 2022/02/15 4:10 p.m.52 views

CVE-2022-25177

Jenkins Pipeline: Shared Groovy Libraries Plugin 552.vd9cc05b8a2e1 and earlier follows symbolic links to locations outside of the expected Pipeline library when reading files using the libraryResource step, allowing attackers able to configure Pipelines to read arbitrary files on the Jenkins...

6.5CVSS3.7AI score0.01742EPSS
Exploits0References1
Cvelist
Cvelist
added 2022/02/15 4:10 p.m.23 views

CVE-2022-25177

Jenkins Pipeline: Shared Groovy Libraries Plugin 552.vd9cc05b8a2e1 and earlier follows symbolic links to locations outside of the expected Pipeline library when reading files using the libraryResource step, allowing attackers able to configure Pipelines to read arbitrary files on the Jenkins...

7.5AI score0.01742EPSS
Exploits0References1
CVE
CVE
added 2022/02/15 4:10 p.m.202 views

CVE-2022-25177

CVE-2022-25177 affects Jenkins Pipeline: Shared Groovy Libraries Plugin (552.vd9cc05b8a2e1 and earlier). Root cause: the libraryResource path reading follows symbolic links outside the expected Pipeline library, enabling reading arbitrary files on the Jenkins controller filesystem. Impact: via cr...

6.5CVSS6.4AI score0.01742EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2022/02/15 4:10 p.m.199 views

CVE-2022-25174

CVE-2022-25174 affects Jenkins Pipeline: Shared Groovy Libraries Plugin (and related Pipeline plugins) where distinct SCMs shared checkout directories, enabling an attacker with Item/Configure permission to invoke arbitrary OS commands on the controller via crafted SCM contents. Public sources wi...

8.8CVSS8.5AI score0.01443EPSS
Exploits0References1Affected Software1
AlpineLinux
AlpineLinux
added 2022/02/15 4:10 p.m.103 views

CVE-2022-25174

Jenkins Pipeline: Shared Groovy Libraries Plugin 552.vd9cc05b8a2e1 and earlier uses the same checkout directories for distinct SCMs for Pipeline libraries, allowing attackers with Item/Configure permission to invoke arbitrary OS commands on the controller through crafted SCM contents...

8.8CVSS4.3AI score0.01443EPSS
Exploits0References1
Cvelist
Cvelist
added 2022/02/15 4:10 p.m.31 views

CVE-2022-25174

Jenkins Pipeline: Shared Groovy Libraries Plugin 552.vd9cc05b8a2e1 and earlier uses the same checkout directories for distinct SCMs for Pipeline libraries, allowing attackers with Item/Configure permission to invoke arbitrary OS commands on the controller through crafted SCM contents...

8.9AI score0.01443EPSS
Exploits0References1
CNNVD
CNNVD
added 2022/02/15 12:0 a.m.2 views

Jenkins 插件 代码注入漏洞

Jenkins plugins are plugins that provide functionality for Jenkins. A security vulnerability exists in the Jenkins Pipeline: Shared Groovy Libraries plugin 552.vd9cc05b8a2e1 and earlier versions, which stems from the use of the name of a pipeline library to create a cache directory without any...

8.8CVSS8.4AI score0.01571EPSS
Exploits0References18
Positive Technologies
Positive Technologies
added 2022/02/15 12:0 a.m.2 views

PT-2022-17121 · Jenkins · Jenkins Pipeline: Shared Groovy Libraries Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Pipeline: Shared Groovy Libraries Plugin versions 552.vd9cc05b8a2e1 and earlier Description: A sandbox bypass issue allows attackers with Item/Configure permission to execute arbitrary code in the context of the Jenkins controller JVM...

8.8CVSS8.8AI score0.01601EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2022/02/15 12:0 a.m.4 views

PT-2022-17116 · Jenkins · Jenkins Pipeline: Shared Groovy Libraries Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Pipeline: Shared Groovy Libraries Plugin versions 552.vd9cc05b8a2e1 and earlier Description: The issue allows attackers who can configure Pipelines to read arbitrary files on the Jenkins controller file system. This is because the...

6.5CVSS7.2AI score0.01742EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2022/02/15 12:0 a.m.5 views

PT-2022-17113 · Jenkins · Jenkins Pipeline: Shared Groovy Libraries Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Pipeline: Shared Groovy Libraries Plugin versions 552.vd9cc05b8a2e1 and earlier Jenkins Pipeline: Shared Groovy Libraries Plugin version 2.18.1 Jenkins Pipeline: Shared Groovy Libraries Plugin version 2.21.1 Description: The issue...

8.8CVSS8.5AI score0.01443EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2021/12/02 10:4 p.m.5 views

jenkins: Agent-to-controller access control allowed writing to sensitive directory used by Pipeline: Shared Groovy Libraries Plugin

An incorrect permissions validation vulnerability was found in Jenkins. An agent process read/write access to the libs/ directory inside build directories when using the FilePath APIs is not limited. This allows attackers in control of agent processes to replace the code of a trusted library with...

9.8CVSS6.1AI score0.0232EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2021/12/02 6:37 p.m.4 views

jenkins: Agent-to-controller access control allowed writing to sensitive directory used by Pipeline: Shared Groovy Libraries Plugin

An incorrect permissions validation vulnerability was found in Jenkins. An agent process read/write access to the libs/ directory inside build directories when using the FilePath APIs is not limited. This allows attackers in control of agent processes to replace the code of a trusted library with...

9.8CVSS6.1AI score0.0232EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2021/11/29 10:40 a.m.3 views

jenkins: Agent-to-controller access control allowed writing to sensitive directory used by Pipeline: Shared Groovy Libraries Plugin

An incorrect permissions validation vulnerability was found in Jenkins. An agent process read/write access to the libs/ directory inside build directories when using the FilePath APIs is not limited. This allows attackers in control of agent processes to replace the code of a trusted library with...

9.8CVSS6.1AI score0.0232EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2021/11/04 12:0 a.m.5 views

PT-2021-4993 · Jenkins · Remoting Security Workaround Plugin +2

Name of the Vulnerable Software and Affected Versions: Jenkins versions 2.318 and earlier, LTS versions 2.303.2 and earlier Description: The issue is related to the implementation of the FilePath API in the Jenkins automation server, which does not limit agent read/write access to the libs/...

9.8CVSS9.4AI score0.0232EPSS
Exploits0References14
RedhatCVE
RedhatCVE
added 2019/10/05 9:39 a.m.29 views

CVE-2019-10357

A missing permission check in Jenkins Pipeline: Shared Groovy Libraries Plugin 2.14 and earlier allowed users with Overall/Read access to obtain limited information about the content of SCM repositories referenced by global libraries...

4.3CVSS2.6AI score0.01213EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2019/09/11 5:41 a.m.5 views

jenkins-plugin-workflow-cps-global-lib: Missing permission check in Pipeline: Shared Groovy Libraries Plugin

A missing permission check in Jenkins Pipeline: Shared Groovy Libraries Plugin 2.14 and earlier allowed users with Overall/Read access to obtain limited information about the content of SCM repositories referenced by global libraries...

4.3CVSS5.8AI score0.01213EPSS
Exploits0References5
Rows per page
Query Builder