CVE-2022-25173 in Groovy Plugininformación

Resumen

por MITRE • 2022-02-15

Jenkins Pipeline: Groovy Plugin 2648.va9433432b33c and earlier uses the same checkout directories for distinct SCMs when reading the script file (typically Jenkinsfile) for Pipelines, allowing attackers with Item/Configure permission to invoke arbitrary OS commands on the controller through crafted SCM contents.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Reservar

2022-02-15

Divulgación

2022-02-15

Moderación

aceptado

Artículo

VDB-193157

CPE

listo

EPSS

0.01444

KEV

no

Actividades

muy bajo

Fuentes

Might our Artificial Intelligence support you?

Check our Alexa App!