CVE-2022-25174

CVSS v3.1 8.8 (High)

CVSS v2.0 6.5 (Medium)

EPSS 0.12 % (46^th)

Affected Products 1

Advisories 2

Jenkins Pipeline: Shared Groovy Libraries Plugin 552.vd9cc05b8a2e1 and earlier uses the same checkout directories for distinct SCMs for Pipeline libraries, allowing attackers with Item/Configure permission to invoke arbitrary OS commands on the controller through crafted SCM contents.

Weaknesses

CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVE Status: PUBLISHED
CNA: Jenkins Project
Published Date: 2022-02-15 17:15:08
(2 years ago)
Updated Date: 2023-11-30 19:13:01
(9 months ago)

Affected Products

Jenkins

Pipeline\:shared Groovy Libraries

Configuration #1

		CPE23	From	Up To
	Jenkins Pipeline:shared Groovy Libraries for Jenkins 552.vd9cc05b8a2e1 and prior versions	cpe:2.3:a:jenkins:pipeline\:shared_groovy_libraries::::::jenkins		<= 552.vd9cc05b8a2e1