pkg:maven/org.jenkins-ci.plugins.workflow/workflow-cps
Type
maven
Namespace
org.jenkins-ci.plugins.workflow
Name
workflow-cps
Known advisories, vulnerabilities and fixes for org.jenkins-ci.plugins.workflow/workflow-cps package.
Critical
3
High
7
Moderate
2
Type | Version | Distribution | # CVEs | # Advisory ID | Title | Severity | Published |
---|---|---|---|---|---|---|---|
Affected | <= 2802.v5ea |
CVE-2022-43404
|
MAVEN:GHSA-27RF-8MJP-R363 | Sandbox bypass vulnerabilities in Jenkins Script Security Plugin and in Pipeline: Groovy Plugin | high |
2022-10-19T19:00:21
(23 months ago) |
|
Fixed | = 2803.v1a_f77ffcc773 |
CVE-2022-43404
|
MAVEN:GHSA-27RF-8MJP-R363 | Sandbox bypass vulnerabilities in Jenkins Script Security Plugin and in Pipeline: Groovy Plugin | high |
2022-10-19T19:00:21
(23 months ago) |
|
Affected | <= 2689.v434009a |
CVE-2022-30945
|
MAVEN:GHSA-2XVX-RW9P-XGFC | Sandbox bypass vulnerability through implicitly allowlisted platform Groovy files in Jenkins Pipeline: Groovy Plugin | high |
2022-05-18T00:00:39
(2 years ago) |
|
Fixed | = 2692.v76b |
CVE-2022-30945
|
MAVEN:GHSA-2XVX-RW9P-XGFC | Sandbox bypass vulnerability through implicitly allowlisted platform Groovy files in Jenkins Pipeline: Groovy Plugin | high |
2022-05-18T00:00:39
(2 years ago) |
|
Affected | < 2.92.1 >= 2.93, < 2.94.1 >= 2646.v6ed3b5b01ff1, < 2656.vf7a |
CVE-2022-25173
|
MAVEN:GHSA-4M7P-55JM-3VWV | Improper Neutralization of Special Elements used in an OS Command in Jenkins Pipeline: Groovy Plugin | high |
2022-02-16T00:01:37
(2 years ago) |
|
Fixed | = 2.92.1 = 2.94.1 = 2656.vf7a |
CVE-2022-25173
|
MAVEN:GHSA-4M7P-55JM-3VWV | Improper Neutralization of Special Elements used in an OS Command in Jenkins Pipeline: Groovy Plugin | high |
2022-02-16T00:01:37
(2 years ago) |
|
Affected | >= 2.95, < 2648.2651.v230593e03e9f < 2.92.1 >= 2.93, < 2.94.1 |
CVE-2022-25176
|
MAVEN:GHSA-6473-GQRJ-4P65 | Improper Link Resolution Before File Access in Jenkins Pipeline: Groovy Plugin | moderate |
2022-02-16T00:01:34
(2 years ago) |
|
Fixed | = 2648.2651.v230593e03e9f = 2.92.1 = 2.94.1 |
CVE-2022-25176
|
MAVEN:GHSA-6473-GQRJ-4P65 | Improper Link Resolution Before File Access in Jenkins Pipeline: Groovy Plugin | moderate |
2022-02-16T00:01:34
(2 years ago) |
|
Affected | <= 2802.v5ea |
CVE-2022-43401
|
MAVEN:GHSA-7VR5-72W7-Q6JC | Sandbox bypass vulnerabilities in Jenkins Script Security Plugin and in Pipeline: Groovy Plugin | high |
2022-10-19T19:00:21
(23 months ago) |
|
Fixed | = 2803.v1a_f77ffcc773 |
CVE-2022-43401
|
MAVEN:GHSA-7VR5-72W7-Q6JC | Sandbox bypass vulnerabilities in Jenkins Script Security Plugin and in Pipeline: Groovy Plugin | high |
2022-10-19T19:00:21
(23 months ago) |
|
Affected | <= 2.78 |
CVE-2020-2109
|
MAVEN:GHSA-99MF-F3QH-WQRP | Improper Input Validation in Jenkins Pipeline: Groovy Plugin | high |
2022-05-24T17:08:46
(2 years ago) |
|
Fixed | = 2.79 |
CVE-2020-2109
|
MAVEN:GHSA-99MF-F3QH-WQRP | Improper Input Validation in Jenkins Pipeline: Groovy Plugin | high |
2022-05-24T17:08:46
(2 years ago) |
|
Affected | < 2.60 |
CVE-2018-1000866
|
MAVEN:GHSA-GQHM-4H93-RRHG | Jenkins Script Security and Pipeline Groovy Plugins Sandbox Bypass | high |
2022-05-13T01:48:40
(2 years ago) |
|
Fixed | = 2.60 |
CVE-2018-1000866
|
MAVEN:GHSA-GQHM-4H93-RRHG | Jenkins Script Security and Pipeline Groovy Plugins Sandbox Bypass | high |
2022-05-13T01:48:40
(2 years ago) |
|
Affected | <= 2.36 |
CVE-2017-1000096
|
MAVEN:GHSA-MHWQ-4MH7-FV7C | Arbitrary code execution due to incomplete sandbox protection in Jenkins Pipeline | high |
2022-05-13T01:40:55
(2 years ago) |
|
Fixed | = 2.36.1 |
CVE-2017-1000096
|
MAVEN:GHSA-MHWQ-4MH7-FV7C | Arbitrary code execution due to incomplete sandbox protection in Jenkins Pipeline | high |
2022-05-13T01:40:55
(2 years ago) |
|
Affected | < 2803.v1a |
CVE-2022-43402
|
MAVEN:GHSA-MQC2-W9R8-MMXM | Jenkins Pipeline: Groovy Plugin allows sandbox protection bypass and arbitrary code execution | critical |
2022-10-19T19:00:21
(23 months ago) |
|
Fixed | = 2803.v1a_f77ffcc773 |
CVE-2022-43402
|
MAVEN:GHSA-MQC2-W9R8-MMXM | Jenkins Pipeline: Groovy Plugin allows sandbox protection bypass and arbitrary code execution | critical |
2022-10-19T19:00:21
(23 months ago) |
|
Affected | <= 2648.va9433432b33c |
CVE-2022-25180
|
MAVEN:GHSA-QV6Q-X9VR-W7J3 | Jenkins Pipeline: Groovy Plugin has Insufficiently Protected Credentials | moderate |
2022-02-16T00:01:32
(2 years ago) |
|
Fixed | = 2656.vf7a_e7b_75a_457 |
CVE-2022-25180
|
MAVEN:GHSA-QV6Q-X9VR-W7J3 | Jenkins Pipeline: Groovy Plugin has Insufficiently Protected Credentials | moderate |
2022-02-16T00:01:32
(2 years ago) |
|
Affected | < 2.64 |
CVE-2019-1003030
|
MAVEN:GHSA-R6MC-MRVR-23CR | Sandbox bypass in Jenkins Pipeline: Groovy Plugin | critical |
2022-05-13T01:14:26
(2 years ago) |
|
Fixed | = 2.64 |
CVE-2019-1003030
|
MAVEN:GHSA-R6MC-MRVR-23CR | Sandbox bypass in Jenkins Pipeline: Groovy Plugin | critical |
2022-05-13T01:14:26
(2 years ago) |
|
Affected | < 2.65 |
CVE-2019-1003041
|
MAVEN:GHSA-X74X-QF5J-35JH | Sandbox bypass vulnerability in Jenkins Pipeline: Groovy Plugin | critical |
2022-05-13T01:15:09
(2 years ago) |
|
Fixed | = 2.65 |
CVE-2019-1003041
|
MAVEN:GHSA-X74X-QF5J-35JH | Sandbox bypass vulnerability in Jenkins Pipeline: Groovy Plugin | critical |
2022-05-13T01:15:09
(2 years ago) |