Jenkins Pipeline: Deprecated Groovy Libraries Plugin 552.vd9cc05b8a2e1 and earlier uses the names of Pipeline libraries to create cache directories without any sanitization.
This allows attackers with Item/Configure permission to execute arbitrary code in the context of the Jenkins controller JVM using specially crafted library names if a global Pipeline library configured to use caching already exists.
Pipeline: Deprecated Groovy Libraries Plugin 561.va_ce0de3c2d69 sanitizes the names of Pipeline libraries when creating library cache directories.
{ "nvd_published_at": "2022-02-15T17:15:00Z", "cwe_ids": [ "CWE-693" ], "severity": "HIGH", "github_reviewed": true, "github_reviewed_at": "2022-06-20T22:36:46Z" }