Jenkins Pipeline Groovy Plugin Vulnerability in SCM Handling
CVE-2022-25173

8.8HIGH

Key Information:

Vendor: Jenkins
Status: Jenkins Pipeline: Groovy Plugin
Vendor: CVE Published:; 15 February 2022

What is CVE-2022-25173?

The Jenkins Pipeline Groovy Plugin has a vulnerability that arises from its use of identical checkout directories for different Source Code Management (SCM) systems. This flaw enables users who possess Item/Configure permissions to exploit the system by injecting malicious scripts into the SCM contents. Such an attack can result in the execution of arbitrary OS commands on the Jenkins controller, posing a significant security risk.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Jenkins Pipeline: Groovy Plugin <= 2648.va9433432b33c

Jenkins Pipeline: Groovy Plugin 2.94.1

Jenkins Pipeline: Groovy Plugin 2.92.1

References

https://www.jenkins.io/security/advisory/2022-02-15/#SECU...

x_refsource_CONFIRM

http://www.openwall.com/lists/oss-security/2022/02/15/2

mailing-listx_refsource_MLIST

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 15, 2022
Vulnerability Reserved
Feb 15, 2022

JSON

Jenkins

What is CVE-2022-25173?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.