Published: 15/02/2022 Updated: 30/11/2023

CVSS v2 Base Score: 6.5 | Impact Score: 6.4 | Exploitability Score: 8

CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8

VMScore: 578

Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

Jenkins Pipeline: Groovy Plugin 2648.va9433432b33c and previous versions uses the same checkout directories for distinct SCMs when reading the script file (typically Jenkinsfile) for Pipelines, allowing attackers with Item/Configure permission to invoke arbitrary OS commands on the controller through crafted SCM contents.

Vulnerable Product	Search on Vulmon	Subscribe to Product
jenkins pipeline\\ _groovy

Synopsis Important: OpenShift Container Platform 4106 security update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic Red Hat OpenShift Container Platform release 4106 is now available withupdates to packages and imag ...

Synopsis Important: OpenShift Container Platform 4926 security update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic Red Hat OpenShift Container Platform release 4926 is now available withupdates to packages and imag ...

Synopsis Important: OpenShift Container Platform 311665 security and bug fix update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic Red Hat OpenShift Container Platform release 311665 is now available withupdates to p ...

Synopsis Important: OpenShift Container Platform 4748 packages and security update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic Red Hat OpenShift Container Platform release 4748 is now available withupdates to pack ...

Synopsis Important: OpenShift Container Platform 4657 packages and security update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic Red Hat OpenShift Container Platform release 4657 is now available withupdates to pack ...

Synopsis Moderate: OpenShift Container Platform 4657 security and extras update Type/Severity Security Advisory: Moderate Topic Red Hat OpenShift Container Platform release 4657 is now available withupdates to packages and images that fix several bugs and add enhancementsThis release includes a security update for Red Hat OpenShift Conta ...

Jenkins Pipeline: Groovy Plugin 2648va9433432b33c and earlier uses the same checkout directories for distinct SCMs when reading the script file (typically Jenkinsfile) for Pipelines, allowing attackers with Item/Configure permission to invoke arbitrary OS commands on the controller through crafted SCM contents ...

CWE-78 https://www.jenkins.io/security/advisory/2022-02-15/#SECURITY-2463 http://www.openwall.com/lists/oss-security/2022/02/15/2 https://nvd.nist.gov https://access.redhat.com/errata/RHSA-2022:1025

CVE-2022-25173

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect