Groovy Source File Loading Vulnerability in Jenkins Pipeline Groovy Plugin
CVE-2022-30945

8.5HIGH

Key Information:

Vendor: Jenkins
Status: Jenkins Pipeline: Groovy Plugin
Vendor: CVE Published:; 17 May 2022

Summary

The Jenkins Pipeline Groovy Plugin allows for the loading of arbitrary Groovy source files from the classpath within sandboxed pipelines. This can lead to unauthorized access and manipulation of the system, as users may load potentially harmful scripts that could compromise the integrity of the Jenkins environment.

Affected Version(s)

Jenkins Pipeline: Groovy Plugin <= 2689.v434009a_31b_f1

Jenkins Pipeline: Groovy Plugin 2683.2687.vb_0cc3f973f06

Jenkins Pipeline: Groovy Plugin 2.94.4

References

https://www.jenkins.io/security/advisory/2022-05-17/#SECU...

x_refsource_CONFIRM

http://www.openwall.com/lists/oss-security/2022/05/17/8

mailing-listx_refsource_MLIST

CVSS V3.1

Score:

8.5

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
May 17, 2022
Vulnerability Reserved
May 16, 2022