CVE-2022-25176
Summary
| CVE | CVE-2022-25176 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2022-02-15 17:15:00 UTC |
| Updated | 2023-11-30 19:12:00 UTC |
| Description | Jenkins Pipeline: Groovy Plugin 2648.va9433432b33c and earlier follows symbolic links to locations outside of the checkout directory for the configured SCM when reading the script file (typically Jenkinsfile) for Pipelines, allowing attackers able to configure Pipelines to read arbitrary files on the Jenkins controller file system. |
Risk And Classification
Problem Types: CWE-59
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Jenkins Security Advisory 2022-02-15 | CONFIRM | www.jenkins.io | Issue Tracking, Patch, Vendor Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 240189 Red Hat OpenShift Container Platform 4.10 Security Update (RHSA-2022:1025)
- 240192 Red Hat OpenShift Container Platform 4.9 Security Update (RHSA-2022:1021)
- 240216 Red Hat OpenShift Container Platform 4.7 Security Update (RHSA-2022:1248)
- 240241 Red Hat OpenShift Container Platform 5 Security Update (RHSA-2022:1420)
- 240264 Red Hat OpenShift Container Platform 4.6 Security Update (RHSA-2022:1620)
- 376435 Jenkins Plugins Multiple Security Vulnerabilities (Jenkins Security Advisory 2022-02-15)
- 770145 Red Hat OpenShift Container Platform 4.10 Security Update (RHSA-2022:1025)
- 770146 Red Hat OpenShift Container Platform 4.9 Security Update (RHSA-2022:1021)
- 770148 Red Hat OpenShift Container Platform 4.7 Security Update (RHSA-2022:1248)
- 770151 Red Hat OpenShift Container Platform 4.6 Security Update (RHSA-2022:1620)