GHSA-4m7p-55jm-3vwv

Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/02/GHSA-4m7p-55jm-3vwv/GHSA-4m7p-55jm-3vwv.json

Aliases

CVE-2022-25173

Published

2022-02-16T00:01:37Z

Modified

2023-05-25T13:33:16.532262Z

Details

Jenkins Pipeline: Groovy Plugin prior to 2656.vf7ae7b75a_457, 2.94.1, and 2.92.1 uses the same checkout directories for distinct SCMs when reading the script file (typically Jenkinsfile) for Pipelines, allowing attackers with Item/Configure permission to invoke arbitrary OS commands on the controller through crafted SCM contents.

References

Affected packages

Maven / org.jenkins-ci.plugins.workflow:workflow-cps

org.jenkins-ci.plugins.workflow:workflow-cps

Affected ranges

Type: ECOSYSTEM
Events: Introduced

2646.v6ed3b5b01ff1

Fixed

2656.vf7a

Affected versions

2646.*

2646.v6ed3b5b01ff1

2648.*

2648.2651.v230593e03e9f

2648.va9433432b33c

Maven / org.jenkins-ci.plugins.workflow:workflow-cps

org.jenkins-ci.plugins.workflow:workflow-cps

Affected ranges

Type: ECOSYSTEM
Events: Introduced

2.93

Fixed

2.94.1

Affected versions

2.*

2.93

2.94

Maven / org.jenkins-ci.plugins.workflow:workflow-cps

org.jenkins-ci.plugins.workflow:workflow-cps

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0

Fixed

2.92.1

Affected versions

0.*

0.1-beta-1

0.1-beta-2

0.1-beta-3

0.1-beta-4

0.1-beta-5

0.1-beta-6

0.1-beta-7

0.1-beta-8

1.*

1.0

1.0-beta-1

1.1

1.10

1.10-beta-1

1.10.1

1.11

1.11-beta-1

1.11-beta-2

1.11-beta-3

1.11-beta-4

1.12

1.12-beta-1

1.12-beta-2

1.12-beta-3

1.13

1.14

1.14-beta-1

1.14.1

1.14.1-beta-1

1.14.2

1.15

1.15-beta-1

1.2

1.3

1.4

1.4.1

1.4.2

1.4.3

1.4.3-beta-1

1.5

1.6

1.6-alpha-1

1.7

1.7-alpha-1

1.8

1.9

1.9-beta-1

2.*

2.0

2.1

2.10

2.11

2.12

2.13

2.14

2.15

2.16

2.17

2.18

2.19

2.2

2.20

2.21

2.22

2.23

2.24

2.25

2.26

2.27

2.28

2.29

2.3

2.30

2.30-stepstorage2-alpha

2.30-stepstorage2-alpha2

2.30-stepstorage4-beta

2.31

2.32

2.33

2.34

2.35

2.36

2.36.1

2.37

2.38

2.39

2.4

2.40

2.41

2.42

2.43

2.43-durability-beta-1

2.43-durability-beta-2

2.43-durability-beta-3

2.43-durability-beta-4

2.44

2.45

2.46

2.46.1

2.46.2

2.47

2.48

2.49

2.5

2.50

2.51

2.52

2.53

2.54

2.54.1

2.54.2

2.55

2.56

2.57

2.57.1

2.57.2

2.57.3

2.58

2.58-beta-1

2.59

2.6

2.60

2.61

2.61.1

2.61.2

2.61.3

2.62

2.63

2.64

2.65

2.66

2.66.1

2.67

2.68

2.69

2.7

2.70

2.71

2.72

2.73

2.74

2.74.1

2.75

2.76

2.77

2.78

2.79

2.8

2.80

2.81

2.82

2.83

2.84

2.85

2.86

2.87

2.88

2.89

2.9

2.90

2.91

2.92