Описание
Jenkins Pipeline: Shared Groovy Libraries Plugin 552.vd9cc05b8a2e1 and earlier does not restrict the names of resources passed to the libraryResource step, allowing attackers able to configure Pipelines permission to read arbitrary files on the Jenkins controller file system.
Ссылки
- Issue TrackingPatchVendor Advisory
- Issue TrackingPatchVendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 552.vd9cc05b8a2e1 (включая)
cpe:2.3:a:jenkins:pipeline\:shared_groovy_libraries:*:*:*:*:*:jenkins:*:*
EPSS
Процентиль: 60%
0.00404
Низкий
6.5 Medium
CVSS3
4 Medium
CVSS2
Дефекты
CWE-22
Связанные уязвимости
CVSS3: 6.5
redhat
почти 4 года назад
Jenkins Pipeline: Shared Groovy Libraries Plugin 552.vd9cc05b8a2e1 and earlier does not restrict the names of resources passed to the libraryResource step, allowing attackers able to configure Pipelines permission to read arbitrary files on the Jenkins controller file system.
CVSS3: 6.5
github
почти 4 года назад
Improper Limitation of a Pathname to a Restricted Directory in Jenkins Pipeline: Shared Groovy Libraries Plugin
EPSS
Процентиль: 60%
0.00404
Низкий
6.5 Medium
CVSS3
4 Medium
CVSS2
Дефекты
CWE-22