[JENKINS:SECURITY-2441] Sandbox bypass vulnerability in `workflow-cps-global-lib`
Severity
High
Affected Packages
2
Fixed Packages
2
CVEs
1
workflow-cps-global-lib 552.vd9cc05b8a2e1 and earlier uses the same workspace directory for all checkouts of Pipeline libraries with the same name regardless of the SCM being used and the source of the library configuration.
This allows attackers with Item/Configure permission to execute arbitrary code in the context of the Jenkins controller JVM through crafted SCM contents, if a global Pipeline library already exists.
workflow-cps-global-lib 561.va_ce0de3c2d69 uses distinct checkout directories per SCM for Pipeline libraries.
| Package | Affected Version |
|---|---|
 pkg:maven/org.jenkins-ci.plugins/workflow-cps-global-lib
|
<= 552.vd9cc05b8a2e1 |
 pkg:github/jenkinsci/workflow-cps-global-lib-plugin
|
<= 552.vd9cc05b8a2e1 |
| Package | Fixed Version |
|---|---|
|
pkg:maven/org.jenkins-ci.plugins/workflow-cps-global-lib
|
= 561.va_ce0de3c2d69 |
|
pkg:github/jenkinsci/workflow-cps-global-lib-plugin
|
= 561.va_ce0de3c2d69 |
- ID
- JENKINS:SECURITY-2441
- Severity
- high
- Published
-
2022-02-15T00:00:00
(2 years ago) - Modified
-
2022-02-15T00:00:00
(2 years ago) - Rights
- Jenkins Security Team
- Other Advisories
MAVEN:GHSA-7W2W-FWPF-9M4H| Source | # ID | Name | URL |
|---|---|---|---|
| Plugin repository | workflow-cps-global-lib repository |
|
| Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
|---|---|---|---|---|---|---|---|
| Affected | pkg:maven/org.jenkins-ci.plugins/workflow-cps-global-lib | org.jenkins-ci.plugins |
workflow-cps-global-lib
|
<= 552.vd9cc05b8a2e1 | |||
| Fixed | pkg:maven/org.jenkins-ci.plugins/workflow-cps-global-lib | org.jenkins-ci.plugins |
workflow-cps-global-lib
|
= 561.va_ce0de3c2d69 | |||
| Affected | pkg:github/jenkinsci/workflow-cps-global-lib-plugin | jenkinsci |
workflow-cps-global-lib-plugin
|
<= 552.vd9cc05b8a2e1 | |||
| Fixed | pkg:github/jenkinsci/workflow-cps-global-lib-plugin | jenkinsci |
workflow-cps-global-lib-plugin
|
= 561.va_ce0de3c2d69 |
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
|---|---|---|---|---|---|---|---|---|---|---|---|
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |