CVE-2022-29047
Summary
| CVE | CVE-2022-29047 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2022-04-12 20:15:00 UTC |
| Updated | 2023-12-21 21:54:00 UTC |
| Description | Jenkins Pipeline: Shared Groovy Libraries Plugin 564.ve62a_4eb_b_e039 and earlier, except 2.21.3, allows attackers able to submit pull requests (or equivalent), but not able to commit directly to the configured SCM, to effectively change the Pipeline behavior by changing the definition of a dynamically retrieved library in their pull request, even if the Pipeline is configured to not trust them. |
Risk And Classification
Problem Types: CWE-863
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Jenkins Security Advisory 2022-04-12 | CONFIRM | www.jenkins.io | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 240353 Red Hat OpenShift Container Platform 4.9 Security Update (RHSA-2022:2205)
- 240457 Red Hat OpenShift Container Platform 4.7 Security Update (RHSA-2022:4909)
- 241063 Red Hat OpenShift Container Platform 4.8 Security Update (RHSA-2023:0017)
- 770152 Red Hat OpenShift Container Platform 4.9 Security Update (RHSA-2022:2205)
- 770154 Red Hat OpenShift Container Platform 4.7 Security Update (RHSA-2022:4909)
- 770171 Red Hat OpenShift Container Platform 4.8 Security Update (RHSA-2023:0017)