Published: 15/02/2022 Updated: 30/11/2023

CVSS v2 Base Score: 4 | Impact Score: 2.9 | Exploitability Score: 8

CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8

VMScore: 356

Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N

Jenkins Pipeline: Groovy Plugin 2648.va9433432b33c and previous versions follows symbolic links to locations outside of the checkout directory for the configured SCM when reading the script file (typically Jenkinsfile) for Pipelines, allowing attackers able to configure Pipelines to read arbitrary files on the Jenkins controller file system.

Vulnerable Product	Search on Vulmon	Subscribe to Product
jenkins pipeline\\ _groovy

Synopsis Important: OpenShift Container Platform 4926 security update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic Red Hat OpenShift Container Platform release 4926 is now available withupdates to packages and imag ...

Synopsis Important: OpenShift Container Platform 4106 security update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic Red Hat OpenShift Container Platform release 4106 is now available withupdates to packages and imag ...

Synopsis Moderate: OpenShift Container Platform 4657 security and extras update Type/Severity Security Advisory: Moderate Topic Red Hat OpenShift Container Platform release 4657 is now available withupdates to packages and images that fix several bugs and add enhancementsThis release includes a security update for Red Hat OpenShift Conta ...

Synopsis Important: OpenShift Container Platform 311665 security and bug fix update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic Red Hat OpenShift Container Platform release 311665 is now available withupdates to p ...

Synopsis Important: OpenShift Container Platform 4748 packages and security update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic Red Hat OpenShift Container Platform release 4748 is now available withupdates to pack ...

Synopsis Important: OpenShift Container Platform 4657 packages and security update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic Red Hat OpenShift Container Platform release 4657 is now available withupdates to pack ...

Jenkins Pipeline: Groovy Plugin 2648va9433432b33c and earlier follows symbolic links to locations outside of the checkout directory for the configured SCM when reading the script file (typically Jenkinsfile) for Pipelines, allowing attackers able to configure Pipelines to read arbitrary files on the Jenkins controller file system ...

Jenkins is an open source automation server which enables developers around the world to reliably build, test, and deploy their software The following releases contain fixes for security vulnerabilities: * Agent Server Parameter Plugin 11 * autonomiq Plugin 116 * Conjur Secrets Plugin 1012 * Custom Checkbox Parameter Plugin 12 * Fortify Plu ...

CWE-59 https://www.jenkins.io/security/advisory/2022-02-15/#SECURITY-2613 https://nvd.nist.gov https://access.redhat.com/errata/RHSA-2022:1021

CVE-2022-25176

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

Mailing Lists

References

Vulmon Search

About

Products

Connect