Back to search
CVE-2022-25173
Published: Feb 15, 2022
Modified: Aug 3, 2024
PUBLISHED
Description
Jenkins Pipeline: Groovy Plugin 2648.va9433432b33c and earlier uses the same checkout directories for distinct SCMs when reading the script file (typically Jenkinsfile) for Pipelines, allowing attackers with Item/Configure permission to invoke arbitrary OS commands on the controller through crafted SCM contents.
| Vendor | Product | Versions |
|---|---|---|
Jenkins project | Jenkins Pipeline: Groovy Plugin | affected unspecified - <= 2648.va9433432b33cunaffected 2.94.1unaffected 2.92.1 |
References
https://www.jenkins.io/security/advisory/2022-02-15/#SECURITY-2463
x_refsource_CONFIRM
[oss-security] 20220215 Multiple vulnerabilities in Jenkins plugins
mailing-list
x_refsource_MLIST
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now