pkg:maven/org.jenkins-ci.plugins.workflow/workflow-cps

Type maven

Namespace org.jenkins-ci.plugins.workflow

Name workflow-cps

Known advisories, vulnerabilities and fixes for org.jenkins-ci.plugins.workflow/workflow-cps package.

Repository: https://mvnrepository.com/artifact/org.jenkins-ci.plugins.workflow/workflow-cps

Critical 3

High 7

Moderate 2

Type	Version	# CVEs	# Advisory ID	Title	Severity	Published
Affected	<= 2802.v5ea	CVE-2022-43404	MAVEN:GHSA-27RF-8MJP-R363	Sandbox bypass vulnerabilities in Jenkins Script Security Plugin and in Pipeline: Groovy Plugin	high	2022-10-19T19:00:21 (23 months ago)
Fixed	= 2803.v1a_f77ffcc773	CVE-2022-43404	MAVEN:GHSA-27RF-8MJP-R363	Sandbox bypass vulnerabilities in Jenkins Script Security Plugin and in Pipeline: Groovy Plugin	high	2022-10-19T19:00:21 (23 months ago)
Affected	<= 2689.v434009a	CVE-2022-30945	MAVEN:GHSA-2XVX-RW9P-XGFC	Sandbox bypass vulnerability through implicitly allowlisted platform Groovy files in Jenkins Pipeline: Groovy Plugin	high	2022-05-18T00:00:39 (2 years ago)
Fixed	= 2692.v76b	CVE-2022-30945	MAVEN:GHSA-2XVX-RW9P-XGFC	Sandbox bypass vulnerability through implicitly allowlisted platform Groovy files in Jenkins Pipeline: Groovy Plugin	high	2022-05-18T00:00:39 (2 years ago)
Affected	< 2.92.1 >= 2.93, < 2.94.1 >= 2646.v6ed3b5b01ff1, < 2656.vf7a	CVE-2022-25173	MAVEN:GHSA-4M7P-55JM-3VWV	Improper Neutralization of Special Elements used in an OS Command in Jenkins Pipeline: Groovy Plugin	high	2022-02-16T00:01:37 (2 years ago)
Fixed	= 2.92.1 = 2.94.1 = 2656.vf7a	CVE-2022-25173	MAVEN:GHSA-4M7P-55JM-3VWV	Improper Neutralization of Special Elements used in an OS Command in Jenkins Pipeline: Groovy Plugin	high	2022-02-16T00:01:37 (2 years ago)
Affected	>= 2.95, < 2648.2651.v230593e03e9f < 2.92.1 >= 2.93, < 2.94.1	CVE-2022-25176	MAVEN:GHSA-6473-GQRJ-4P65	Improper Link Resolution Before File Access in Jenkins Pipeline: Groovy Plugin	moderate	2022-02-16T00:01:34 (2 years ago)
Fixed	= 2648.2651.v230593e03e9f = 2.92.1 = 2.94.1	CVE-2022-25176	MAVEN:GHSA-6473-GQRJ-4P65	Improper Link Resolution Before File Access in Jenkins Pipeline: Groovy Plugin	moderate	2022-02-16T00:01:34 (2 years ago)
Affected	<= 2802.v5ea	CVE-2022-43401	MAVEN:GHSA-7VR5-72W7-Q6JC	Sandbox bypass vulnerabilities in Jenkins Script Security Plugin and in Pipeline: Groovy Plugin	high	2022-10-19T19:00:21 (23 months ago)
Fixed	= 2803.v1a_f77ffcc773	CVE-2022-43401	MAVEN:GHSA-7VR5-72W7-Q6JC	Sandbox bypass vulnerabilities in Jenkins Script Security Plugin and in Pipeline: Groovy Plugin	high	2022-10-19T19:00:21 (23 months ago)
Affected	<= 2.78	CVE-2020-2109	MAVEN:GHSA-99MF-F3QH-WQRP	Improper Input Validation in Jenkins Pipeline: Groovy Plugin	high	2022-05-24T17:08:46 (2 years ago)
Fixed	= 2.79	CVE-2020-2109	MAVEN:GHSA-99MF-F3QH-WQRP	Improper Input Validation in Jenkins Pipeline: Groovy Plugin	high	2022-05-24T17:08:46 (2 years ago)
Affected	< 2.60	CVE-2018-1000866	MAVEN:GHSA-GQHM-4H93-RRHG	Jenkins Script Security and Pipeline Groovy Plugins Sandbox Bypass	high	2022-05-13T01:48:40 (2 years ago)
Fixed	= 2.60	CVE-2018-1000866	MAVEN:GHSA-GQHM-4H93-RRHG	Jenkins Script Security and Pipeline Groovy Plugins Sandbox Bypass	high	2022-05-13T01:48:40 (2 years ago)
Affected	<= 2.36	CVE-2017-1000096	MAVEN:GHSA-MHWQ-4MH7-FV7C	Arbitrary code execution due to incomplete sandbox protection in Jenkins Pipeline	high	2022-05-13T01:40:55 (2 years ago)
Fixed	= 2.36.1	CVE-2017-1000096	MAVEN:GHSA-MHWQ-4MH7-FV7C	Arbitrary code execution due to incomplete sandbox protection in Jenkins Pipeline	high	2022-05-13T01:40:55 (2 years ago)
Affected	< 2803.v1a	CVE-2022-43402	MAVEN:GHSA-MQC2-W9R8-MMXM	Jenkins Pipeline: Groovy Plugin allows sandbox protection bypass and arbitrary code execution	critical	2022-10-19T19:00:21 (23 months ago)
Fixed	= 2803.v1a_f77ffcc773	CVE-2022-43402	MAVEN:GHSA-MQC2-W9R8-MMXM	Jenkins Pipeline: Groovy Plugin allows sandbox protection bypass and arbitrary code execution	critical	2022-10-19T19:00:21 (23 months ago)
Affected	<= 2648.va9433432b33c	CVE-2022-25180	MAVEN:GHSA-QV6Q-X9VR-W7J3	Jenkins Pipeline: Groovy Plugin has Insufficiently Protected Credentials	moderate	2022-02-16T00:01:32 (2 years ago)
Fixed	= 2656.vf7a_e7b_75a_457	CVE-2022-25180	MAVEN:GHSA-QV6Q-X9VR-W7J3	Jenkins Pipeline: Groovy Plugin has Insufficiently Protected Credentials	moderate	2022-02-16T00:01:32 (2 years ago)
Affected	< 2.64	CVE-2019-1003030	MAVEN:GHSA-R6MC-MRVR-23CR	Sandbox bypass in Jenkins Pipeline: Groovy Plugin	critical	2022-05-13T01:14:26 (2 years ago)
Fixed	= 2.64	CVE-2019-1003030	MAVEN:GHSA-R6MC-MRVR-23CR	Sandbox bypass in Jenkins Pipeline: Groovy Plugin	critical	2022-05-13T01:14:26 (2 years ago)
Affected	< 2.65	CVE-2019-1003041	MAVEN:GHSA-X74X-QF5J-35JH	Sandbox bypass vulnerability in Jenkins Pipeline: Groovy Plugin	critical	2022-05-13T01:15:09 (2 years ago)
Fixed	= 2.65	CVE-2019-1003041	MAVEN:GHSA-X74X-QF5J-35JH	Sandbox bypass vulnerability in Jenkins Pipeline: Groovy Plugin	critical	2022-05-13T01:15:09 (2 years ago)