Groovy Source File Loading Vulnerability in Jenkins Pipeline Groovy Plugin
CVE-2022-30945
8.5HIGH
What is CVE-2022-30945?
The Jenkins Pipeline Groovy Plugin allows for the loading of arbitrary Groovy source files from the classpath within sandboxed pipelines. This can lead to unauthorized access and manipulation of the system, as users may load potentially harmful scripts that could compromise the integrity of the Jenkins environment.
Affected Version(s)
Jenkins Pipeline: Groovy Plugin <= 2689.v434009a_31b_f1
Jenkins Pipeline: Groovy Plugin 2683.2687.vb_0cc3f973f06
Jenkins Pipeline: Groovy Plugin 2.94.4