ID CVE-2022-25182
Summary A sandbox bypass vulnerability in Jenkins Pipeline: Shared Groovy Libraries Plugin 552.vd9cc05b8a2e1 and earlier allows attackers with Item/Configure permission to execute arbitrary code on the Jenkins controller JVM using specially crafted library names if a global Pipeline library is already configured.
References
Vulnerable Configurations
  • cpe:2.3:a:jenkins:pipeline\:shared_groovy_libraries:-:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:pipeline\:shared_groovy_libraries:-:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:pipeline\:shared_groovy_libraries:2.0:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:pipeline\:shared_groovy_libraries:2.0:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:pipeline\:shared_groovy_libraries:2.1:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:pipeline\:shared_groovy_libraries:2.1:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:pipeline\:shared_groovy_libraries:2.2:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:pipeline\:shared_groovy_libraries:2.2:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:pipeline\:shared_groovy_libraries:2.3:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:pipeline\:shared_groovy_libraries:2.3:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:pipeline\:shared_groovy_libraries:2.4:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:pipeline\:shared_groovy_libraries:2.4:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:pipeline\:shared_groovy_libraries:2.5:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:pipeline\:shared_groovy_libraries:2.5:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:pipeline\:shared_groovy_libraries:2.6:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:pipeline\:shared_groovy_libraries:2.6:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:pipeline\:shared_groovy_libraries:2.7:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:pipeline\:shared_groovy_libraries:2.7:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:pipeline\:shared_groovy_libraries:2.8:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:pipeline\:shared_groovy_libraries:2.8:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:pipeline\:shared_groovy_libraries:2.9:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:pipeline\:shared_groovy_libraries:2.9:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:pipeline\:shared_groovy_libraries:2.10:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:pipeline\:shared_groovy_libraries:2.10:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:pipeline\:shared_groovy_libraries:2.11:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:pipeline\:shared_groovy_libraries:2.11:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:pipeline\:shared_groovy_libraries:2.12:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:pipeline\:shared_groovy_libraries:2.12:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:pipeline\:shared_groovy_libraries:2.12.1:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:pipeline\:shared_groovy_libraries:2.12.1:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:pipeline\:shared_groovy_libraries:2.13:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:pipeline\:shared_groovy_libraries:2.13:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:pipeline\:shared_groovy_libraries:2.13.1:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:pipeline\:shared_groovy_libraries:2.13.1:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:pipeline\:shared_groovy_libraries:2.14:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:pipeline\:shared_groovy_libraries:2.14:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:pipeline\:shared_groovy_libraries:2.15:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:pipeline\:shared_groovy_libraries:2.15:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:pipeline\:shared_groovy_libraries:2.16:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:pipeline\:shared_groovy_libraries:2.16:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:pipeline\:shared_groovy_libraries:2.17:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:pipeline\:shared_groovy_libraries:2.17:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:pipeline\:shared_groovy_libraries:2.18:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:pipeline\:shared_groovy_libraries:2.18:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:pipeline\:shared_groovy_libraries:2.18.1:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:pipeline\:shared_groovy_libraries:2.18.1:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:pipeline\:shared_groovy_libraries:2.19:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:pipeline\:shared_groovy_libraries:2.19:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:pipeline\:shared_groovy_libraries:2.21.1:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:pipeline\:shared_groovy_libraries:2.21.1:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:pipeline\:shared_groovy_libraries:544.vff04fa68714d:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:pipeline\:shared_groovy_libraries:544.vff04fa68714d:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:pipeline\:shared_groovy_libraries:545.v7b28cce323cf:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:pipeline\:shared_groovy_libraries:545.v7b28cce323cf:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:pipeline\:shared_groovy_libraries:548.v9085a486966a:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:pipeline\:shared_groovy_libraries:548.v9085a486966a:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:pipeline\:shared_groovy_libraries:552.554.vdba55efb9e88:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:pipeline\:shared_groovy_libraries:552.554.vdba55efb9e88:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:pipeline\:shared_groovy_libraries:552.vd9cc05b8a2e1:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:pipeline\:shared_groovy_libraries:552.vd9cc05b8a2e1:*:*:*:*:jenkins:*:*
CVSS
Base: 6.5 (as of 23-02-2022 - 21:24)
Impact:
Exploitability:
CWE NVD-CWE-noinfo
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW SINGLE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:L/Au:S/C:P/I:P/A:P
Last major update 23-02-2022 - 21:24
Published 15-02-2022 - 17:15
Last modified 23-02-2022 - 21:24
Back to Top