Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

CVE-2022-25175

UNKNOWN
Published 2022-02-15T00:00:00
Actions:

Expert Analysis

Professional remediation guidance

Get tailored security recommendations from our analyst team for CVE-2022-25175. We'll provide specific mitigation strategies based on your environment and risk profile.

No CVSS data available

Description

Jenkins Pipeline: Multibranch Plugin 706.vd43c65dec013 and earlier uses the same checkout directories for distinct SCMs for the readTrusted step, allowing attackers with Item/Configure permission to invoke arbitrary OS commands on the controller through crafted SCM contents.

Available Exploits

No exploits available for this CVE.

Related News

No news articles found for this CVE.

Affected Products

Jenkins project

Jenkins Pipeline: Multibranch Plugin

Affected Versions:

2.26.1 2.23.1 696.698.v9b4218eea50f unspecified

GitHub Security Advisories

Community-driven vulnerability intelligence from GitHub

✓ GitHub Reviewed HIGH

Jenkins Pipeline: Multibranch Plugin vulnerable to OS Command Injection

GHSA-pj84-qjm3-77mg

Advisory Details

Jenkins Pipeline: Multibranch Plugin 706.vd43c65dec013 and earlier uses distinct checkout directories per SCM for the readTrusted step, allowing attackers with Item/Configure permission to invoke arbitrary OS commands on the controller through crafted SCM contents.

Affected Packages

Maven org.jenkins-ci.plugins.workflow:workflow-multibranch
ECOSYSTEM: ≥0 <707.v71c3f0a_6ccdb

CVSS Scoring

CVSS Score

7.5

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2022-25175
WEB https://github.com/jenkinsci/workflow-multibranch-plugin/commit/71c3f0a6ccdb2ba43f43686826b0d62160df85e8
WEB https://www.jenkins.io/security/advisory/2022-02-15/#SECURITY-2463

Advisory provided by GitHub Security Advisory Database. Published: February 16, 2022, Modified: July 21, 2022

References

https://www.jenkins.io/security/advisory/2022-02-15/#SECURITY-2463
Published: 2022-02-15T00:00:00
Last Modified: 2024-08-03T04:36:06.194Z
Copied to clipboard!