Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
6.5
CVSSv3

CVE-2022-25177

Published: 15/02/2022 Updated: 30/11/2023
CVSS v2 Base Score: 4 | Impact Score: 2.9 | Exploitability Score: 8
CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8
VMScore: 356
Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N
Subscribe to Pipeline\

Vulnerability Summary

Jenkins Pipeline: Shared Groovy Libraries Plugin 552.vd9cc05b8a2e1 and previous versions follows symbolic links to locations outside of the expected Pipeline library when reading files using the libraryResource step, allowing attackers able to configure Pipelines to read arbitrary files on the Jenkins controller file system.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

jenkins pipeline\\ shared_groovy_libraries

Vendor Advisories

Red Hat: Important: OpenShift Container Platform 4.10.6 security update
Synopsis Important: OpenShift Container Platform 4106 security update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic Red Hat OpenShift Container Platform release 4106 is now available withupdates to packages and imag ...
Red Hat: Important: OpenShift Container Platform 4.9.26 security update
Synopsis Important: OpenShift Container Platform 4926 security update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic Red Hat OpenShift Container Platform release 4926 is now available withupdates to packages and imag ...
Red Hat: Important: OpenShift Container Platform 3.11.665 security and bug fix update
Synopsis Important: OpenShift Container Platform 311665 security and bug fix update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic Red Hat OpenShift Container Platform release 311665 is now available withupdates to p ...
Red Hat: Important: OpenShift Container Platform 4.7.48 packages and security update
Synopsis Important: OpenShift Container Platform 4748 packages and security update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic Red Hat OpenShift Container Platform release 4748 is now available withupdates to pack ...
Red Hat: Important: OpenShift Container Platform 4.6.57 packages and security update
Synopsis Important: OpenShift Container Platform 4657 packages and security update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic Red Hat OpenShift Container Platform release 4657 is now available withupdates to pack ...
Red Hat: Moderate: OpenShift Container Platform 4.6.57 security and extras update
Synopsis Moderate: OpenShift Container Platform 4657 security and extras update Type/Severity Security Advisory: Moderate Topic Red Hat OpenShift Container Platform release 4657 is now available withupdates to packages and images that fix several bugs and add enhancementsThis release includes a security update for Red Hat OpenShift Conta ...
Red Hat:
Jenkins Pipeline: Shared Groovy Libraries Plugin 552vd9cc05b8a2e1 and earlier follows symbolic links to locations outside of the expected Pipeline library when reading files using the libraryResource step, allowing attackers able to configure Pipelines to read arbitrary files on the Jenkins controller file system ...

References

CWE-59https://www.jenkins.io/security/advisory/2022-02-15/#SECURITY-2613https://nvd.nist.govhttps://access.redhat.com/errata/RHSA-2022:1025
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
race conditionCVE-2024-4249CVE-2024-4244CVE-2023-20198TCPCVE-2022-48648CVE-2022-48636CVE-2024-21345SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook