Jenkins Pipeline: Shared Groovy Libraries Plugin 552.vd9cc05b8a2e1 and earlier does not restrict the names of resources passed to the libraryResource step, allowing attackers with permission to configure Pipelines to read arbitrary files on the Jenkins controller file system.
References
| Link | Resource |
|---|---|
| https://www.jenkins.io/security/advisory/2022-02-15/#SECURITY-2613 | Issue Tracking, Patch, Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: jenkins
Published: 2022-02-15T16:10:58
Updated: 2023-10-24T14:19:35.550Z
Reserved: 2022-02-15T00:00:00
Link: CVE-2022-25178
NVD Information
Status: Analyzed
Published: 2022-02-15T17:15:08.837
Modified: 2023-11-30T18:59:36.370
Link: CVE-2022-25178
Redhat Information
No data.
CWE