Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
6.5
CVSSv3

CVE-2022-25176

Published: 15/02/2022 Updated: 30/11/2023
CVSS v2 Base Score: 4 | Impact Score: 2.9 | Exploitability Score: 8
CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8
VMScore: 356
Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N
Subscribe to Pipeline\

Vulnerability Summary

Jenkins Pipeline: Groovy Plugin 2648.va9433432b33c and previous versions follows symbolic links to locations outside of the checkout directory for the configured SCM when reading the script file (typically Jenkinsfile) for Pipelines, allowing attackers able to configure Pipelines to read arbitrary files on the Jenkins controller file system.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

jenkins pipeline\\ _groovy

Vendor Advisories

Red Hat: Important: OpenShift Container Platform 4.10.6 security update
Synopsis Important: OpenShift Container Platform 4106 security update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic Red Hat OpenShift Container Platform release 4106 is now available withupdates to packages and imag ...
Red Hat: Important: OpenShift Container Platform 4.9.26 security update
Synopsis Important: OpenShift Container Platform 4926 security update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic Red Hat OpenShift Container Platform release 4926 is now available withupdates to packages and imag ...
Red Hat: Important: OpenShift Container Platform 3.11.665 security and bug fix update
Synopsis Important: OpenShift Container Platform 311665 security and bug fix update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic Red Hat OpenShift Container Platform release 311665 is now available withupdates to p ...
Red Hat: Important: OpenShift Container Platform 4.7.48 packages and security update
Synopsis Important: OpenShift Container Platform 4748 packages and security update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic Red Hat OpenShift Container Platform release 4748 is now available withupdates to pack ...
Red Hat: Important: OpenShift Container Platform 4.6.57 packages and security update
Synopsis Important: OpenShift Container Platform 4657 packages and security update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic Red Hat OpenShift Container Platform release 4657 is now available withupdates to pack ...
Red Hat: Moderate: OpenShift Container Platform 4.6.57 security and extras update
Synopsis Moderate: OpenShift Container Platform 4657 security and extras update Type/Severity Security Advisory: Moderate Topic Red Hat OpenShift Container Platform release 4657 is now available withupdates to packages and images that fix several bugs and add enhancementsThis release includes a security update for Red Hat OpenShift Conta ...
Red Hat:
Jenkins Pipeline: Groovy Plugin 2648va9433432b33c and earlier follows symbolic links to locations outside of the checkout directory for the configured SCM when reading the script file (typically Jenkinsfile) for Pipelines, allowing attackers able to configure Pipelines to read arbitrary files on the Jenkins controller file system ...

References

CWE-59https://www.jenkins.io/security/advisory/2022-02-15/#SECURITY-2613https://nvd.nist.govhttps://access.redhat.com/errata/RHSA-2022:1025
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-32886insecure direct object referenceCVE-2024-34342file inclusionCVE-2024-34562CVE-2024-34347CVE-2024-26026CVE-2024-4647unprivileged
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook