CVE-2022-29047

CVSS v3.1 5.3 (Medium)

CVSS v2.0 5 (Medium)

EPSS 0.07 % (32^th)

Affected Products 1

Advisories 2

Jenkins Pipeline: Shared Groovy Libraries Plugin 564.ve62a_4eb_b_e039 and earlier, except 2.21.3, allows attackers able to submit pull requests (or equivalent), but not able to commit directly to the configured SCM, to effectively change the Pipeline behavior by changing the definition of a dynamically retrieved library in their pull request, even if the Pipeline is configured to not trust them.

Weaknesses

CWE-863: Incorrect Authorization

CVE Status: PUBLISHED
CNA: Jenkins Project
Published Date: 2022-04-12 20:15:09
(2 years ago)
Updated Date: 2023-12-21 21:54:31
(9 months ago)

Affected Products

Jenkins

Pipeline\: Shared Groovy Libraries

Configuration #1

		CPE23	From	Up To
	Jenkins Pipeline: Shared Groovy Libraries for Jenkins prior 2.21.3 version	cpe:2.3:a:jenkins:pipeline\:_shared_groovy_libraries::::::jenkins		< 2.21.3
	Jenkins Pipeline: Shared Groovy Libraries for Jenkins from 544.vff04fa68714d version and prior 566.vd0a_a_3334a_555 version	cpe:2.3:a:jenkins:pipeline\:_shared_groovy_libraries::::::jenkins	>= 544.vff04fa68714d	< 566.vd0a_a_3334a_555