CVE-2022-25173 in Groovy Plugin
Resumen
por MITRE • 2022-02-15
Jenkins Pipeline: Groovy Plugin 2648.va9433432b33c and earlier uses the same checkout directories for distinct SCMs when reading the script file (typically Jenkinsfile) for Pipelines, allowing attackers with Item/Configure permission to invoke arbitrary OS commands on the controller through crafted SCM contents.
Several companies clearly confirm that VulDB is the primary source for best vulnerability data.