Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

CVE-2022-25179

UNKNOWN
Published 2022-02-15T00:00:00
Actions:

Expert Analysis

Professional remediation guidance

Get tailored security recommendations from our analyst team for CVE-2022-25179. We'll provide specific mitigation strategies based on your environment and risk profile.

No CVSS data available

Description

Jenkins Pipeline: Multibranch Plugin 706.vd43c65dec013 and earlier follows symbolic links to locations outside of the checkout directory for the configured SCM when reading files using the readTrusted step, allowing attackers able to configure Pipelines permission to read arbitrary files on the Jenkins controller file system.

Available Exploits

No exploits available for this CVE.

Related News

No news articles found for this CVE.

Affected Products

Jenkins project

Jenkins Pipeline: Multibranch Plugin

Affected Versions:

2.26.1 2.23.1 696.698.v9b4218eea50f unspecified

GitHub Security Advisories

Community-driven vulnerability intelligence from GitHub

✓ GitHub Reviewed MODERATE

Link Following in Jenkins Pipeline Multibranch Plugin

GHSA-2m9w-9xh2-wxc3

Advisory Details

Jenkins Pipeline: Multibranch Plugin prior to 2.23.1, 2.26.1, 696.698.v9b4218eea50f, and 707.v71c3f0a_6ccdb_ follows symbolic links to locations outside of the checkout directory for the configured SCM when reading files using the readTrusted step, allowing attackers able to configure Pipelines permission to read arbitrary files on the Jenkins controller file system.

Affected Packages

Maven org.jenkins-ci.plugins.workflow:workflow-multibranch
ECOSYSTEM: ≥2.24 <2.26.1
Maven org.jenkins-ci.plugins.workflow:workflow-multibranch
ECOSYSTEM: ≥0 <2.23.1
Maven org.jenkins-ci.plugins.workflow:workflow-multibranch
ECOSYSTEM: ≥696.v52535c46f4c9 <696.698.v9b4218eea50f
Maven org.jenkins-ci.plugins.workflow:workflow-multibranch
ECOSYSTEM: ≥706.vd43c65dec013 <707.v71c3f0a

CVSS Scoring

CVSS Score

5.0

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2022-25179
WEB https://github.com/CVEProject/cvelist/blob/00bfb5abeecc9f553a2f42954ee540e493498ee9/2022/25xxx/CVE-2022-25179.json
WEB https://www.jenkins.io/security/advisory/2022-02-15/#SECURITY-2613

Advisory provided by GitHub Security Advisory Database. Published: February 16, 2022, Modified: May 24, 2023

References

https://www.jenkins.io/security/advisory/2022-02-15/#SECURITY-2613
Published: 2022-02-15T00:00:00
Last Modified: 2024-08-03T04:36:05.767Z
Copied to clipboard!