Pipeline:shared Groovy Libraries Security Vulnerabilities and Issues — Pipeline:shared Groovy Libraries CVE List

Lucene search

JenkinsPipeline:shared Groovy Libraries

4 matches found

CVE•added 2022/02/15 5:15 p.m.•200 views

CVE-2022-25181

A sandbox bypass vulnerability in Jenkins Pipeline: Shared Groovy Libraries Plugin 552.vd9cc05b8a2e1 and earlier allows attackers with Item/Configure permission to execute arbitrary code in the context of the Jenkins controller JVM through crafted SCM contents, if a global Pipeline library already ...

8.8CVSS8.7AI score0.00157EPSS

CVE•added 2022/02/15 5:15 p.m.•177 views

CVE-2022-25182

A sandbox bypass vulnerability in Jenkins Pipeline: Shared Groovy Libraries Plugin 552.vd9cc05b8a2e1 and earlier allows attackers with Item/Configure permission to execute arbitrary code on the Jenkins controller JVM using specially crafted library names if a global Pipeline library is already conf...

8.8CVSS8.7AI score0.00157EPSS

CVE•added 2022/02/15 5:15 p.m.•172 views

CVE-2022-25183

Jenkins Pipeline: Shared Groovy Libraries Plugin 552.vd9cc05b8a2e1 and earlier uses the names of Pipeline libraries to create cache directories without any sanitization, allowing attackers with Item/Configure permission to execute arbitrary code in the context of the Jenkins controller JVM using sp...

8.8CVSS8.6AI score0.00393EPSS

CVE•added 2022/02/15 5:15 p.m.•167 views

CVE-2022-25174

Jenkins Pipeline: Shared Groovy Libraries Plugin 552.vd9cc05b8a2e1 and earlier uses the same checkout directories for distinct SCMs for Pipeline libraries, allowing attackers with Item/Configure permission to invoke arbitrary OS commands on the controller through crafted SCM contents.

8.8CVSS8.5AI score0.01905EPSS