Jenkins Pipeline: Shared Groovy Libraries Plugin 552.vd9cc05b8a2e1 and earlier does not restrict the names of resources passed to the libraryResource step, allowing attackers able to configure Pipelines to read arbitrary files on the Jenkins controller file system.
                
References

| Link | Resource |
|---|---|
| https://www.jenkins.io/security/advisory/2022-02-15/#SECURITY-2613 | Issue Tracking Patch Vendor Advisory | 
Information
Published : 2022-02-15 17:15
Updated : 2024-11-21 06:51
NVD link : CVE-2022-25178
Mitre link : CVE-2022-25178
CVE.ORG link : CVE-2022-25178
Products Affected
jenkins
- pipeline\
CWE
CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
