CVE-2022-25173

CVE-2022-25173

Name

CVE-2022-25173

Description

Jenkins Pipeline: Groovy Plugin 2648.va9433432b33c and earlier uses the same checkout directories for distinct SCMs when reading the script file (typically Jenkinsfile) for Pipelines, allowing attackers with Item/Configure permission to invoke arbitrary OS commands on the controller through crafted SCM contents.

NVD Severity

high

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
CONFIRM	https://www.jenkins.io/security/advisory/2022-02-15/#SECURITY-2463
MLIST	http://www.openwall.com/lists/oss-security/2022/02/15/2

Type

URI

CONFIRM

https://www.jenkins.io/security/advisory/2022-02-15/#SECURITY-2463

MLIST

http://www.openwall.com/lists/oss-security/2022/02/15/2

CPE URI	Source package	Min version	Max version
`cpe:2.3:a:jenkins:pipeline\:_groovy::::::jenkins::*`	jenkins	>= None	<= 2648.va9433432b33c

CPE URI

Source package

Min version

Max version

cpe:2.3:a:jenkins:pipeline\:_groovy:*:*:*:*:*:jenkins:*:*

jenkins

>= None

<= 2648.va9433432b33c

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
jenkins	3.15-community	2.319.3-r0	Francesco Colista <fcolista@alpinelinux.org>	possibly vulnerable
jenkins	3.16-community	2.346.2-r0	Francesco Colista <fcolista@alpinelinux.org>	possibly vulnerable
jenkins	edge-community	2.361.2-r0	Francesco Colista <fcolista@alpinelinux.org>	possibly vulnerable
jenkins	3.17-community	2.361.2-r0	Francesco Colista <fcolista@alpinelinux.org>	possibly vulnerable

Source package

Branch

Version

Maintainer

Status

jenkins

3.15-community

2.319.3-r0

Francesco Colista <fcolista@alpinelinux.org>

possibly vulnerable

jenkins

3.16-community