vulnerability

Red Hat OpenShift: CVE-2022-25176: workflow-cps: Pipeline-related plugins follow symbolic links or do not limit path names

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
4	(AV:N/AC:L/Au:S/C:P/I:N/A:N)	Feb 15, 2022	Mar 29, 2022	Apr 14, 2025

Severity

CVSS

(AV:N/AC:L/Au:S/C:P/I:N/A:N)

Published

Feb 15, 2022

Added

Mar 29, 2022

Modified

Apr 14, 2025

Description

Jenkins Pipeline: Groovy Plugin 2648.va9433432b33c and earlier follows symbolic links to locations outside of the checkout directory for the configured SCM when reading the script file (typically Jenkinsfile) for Pipelines, allowing attackers able to configure Pipelines to read arbitrary files on the Jenkins controller file system.

Solution

linuxrpm-upgrade-jenkins-2-plugins

References

CVE-2022-25176
https://attackerkb.com/topics/CVE-2022-25176
REDHAT-RHSA-2022:0871
REDHAT-RHSA-2022:1021
REDHAT-RHSA-2022:1025
REDHAT-RHSA-2022:1248
REDHAT-RHSA-2022:1420
REDHAT-RHSA-2022:1620

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today