Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

GHSA-99mf-f3qh-wqrp

GitHub Security Advisory

Improper Input Validation in Jenkins Pipeline: Groovy Plugin

✓ GitHub Reviewed HIGH Has CVE
View on GitHub

Advisory Details

Sandbox protection in Jenkins Pipeline: Groovy Plugin 2.78 and earlier can be circumvented through default parameter expressions in CPS-transformed methods.

Affected Packages

Maven org.jenkins-ci.plugins.workflow:workflow-cps
Affected versions: 0 (fixed in 2.79)

Related CVEs

CVE-2020-2109

Key Information

GHSA ID
GHSA-99mf-f3qh-wqrp
Published
May 24, 2022 5:08 PM
Last Modified
June 24, 2022 12:59 AM
CVSS Score
7.5 /10
Primary Ecosystem
Maven
Primary Package
org.jenkins-ci.plugins.workflow:workflow-cps
GitHub Reviewed
✓ Yes

Dataset

Last updated: August 24, 2025 6:28 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.