CVE-2022-25173
Summary
| CVE | CVE-2022-25173 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2022-02-15 17:15:00 UTC |
| Updated | 2023-11-30 19:13:00 UTC |
| Description | Jenkins Pipeline: Groovy Plugin 2648.va9433432b33c and earlier uses the same checkout directories for distinct SCMs when reading the script file (typically Jenkinsfile) for Pipelines, allowing attackers with Item/Configure permission to invoke arbitrary OS commands on the controller through crafted SCM contents. |
Risk And Classification
Problem Types: CWE-78
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| oss-security - Multiple vulnerabilities in Jenkins plugins | MLIST | www.openwall.com | Mailing List, Third Party Advisory |
| Jenkins Security Advisory 2022-02-15 | CONFIRM | www.jenkins.io | Issue Tracking, Patch, Vendor Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 240189 Red Hat OpenShift Container Platform 4.10 Security Update (RHSA-2022:1025)
- 240192 Red Hat OpenShift Container Platform 4.9 Security Update (RHSA-2022:1021)
- 240216 Red Hat OpenShift Container Platform 4.7 Security Update (RHSA-2022:1248)
- 240241 Red Hat OpenShift Container Platform 5 Security Update (RHSA-2022:1420)
- 240264 Red Hat OpenShift Container Platform 4.6 Security Update (RHSA-2022:1620)
- 376435 Jenkins Plugins Multiple Security Vulnerabilities (Jenkins Security Advisory 2022-02-15)
- 770145 Red Hat OpenShift Container Platform 4.10 Security Update (RHSA-2022:1025)
- 770146 Red Hat OpenShift Container Platform 4.9 Security Update (RHSA-2022:1021)
- 770148 Red Hat OpenShift Container Platform 4.7 Security Update (RHSA-2022:1248)
- 770151 Red Hat OpenShift Container Platform 4.6 Security Update (RHSA-2022:1620)