CVE-2022-25176

Aliases:GHSA-6473-gqrj-4p65

Advisory lineage Upstream: 0 Downstream: 6

Downstream

RHSA-2022:0871 RHSA-2022:1021 RHSA-2022:1025 RHSA-2022:1248 RHSA-2022:1420 RHSA-2022:1620

Modified

Published: 15 Feb 2022, 16:10

Last modified:15 Oct 2024, 17:14

Vulnerability Summary

Overall Risk (default)

medium

26/100

CVSS Score

6.5 MEDIUM

v3.1 (nvd)

EPSS Score

0.64% LOW

1% probability 0.00%

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

15 Feb 2022, 16:10

Published

Vulnerability first disclosed

15 Oct 2024, 17:14

Last Modified

Vulnerability information updated

Description

Jenkins Pipeline: Groovy Plugin 2648.va9433432b33c and earlier follows symbolic links to locations outside of the checkout directory for the configured SCM when reading the script file (typically Jenkinsfile) for Pipelines, allowing attackers able to configure Pipelines to read arbitrary files on the Jenkins controller file system.

CVSS Metrics

v3.1•MEDIUM•Score: 6.5CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
v2.0•MEDIUM•Score: 4AV:N/AC:L/Au:S/C:P/I:N/A:N

EPSS Trends

Current EPSS score: 0.64%• Percentile: 71%

Techniques & Countermeasures

CWE-59•Improper Link Resolution Before File Access ('Link Following')
The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

Affected Systems

jenkins project•jenkins pipeline: groovy plugin
≥ unspecified, ≤ 2648.va9433432b33c
org.jenkins-ci.plugins.workflow•workflow-cps
≥ 2.93, < 2.94.1 | < 2.92.1 | ≥ 2.95, < 2648.2651.v230593e03e9f