vulnerability

Red Hat OpenShift: CVE-2022-25177: workflow-cps-global-lib: Pipeline-related plugins follow symbolic links or do not limit path names

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
4	(AV:N/AC:L/Au:S/C:P/I:N/A:N)	Feb 15, 2022	Mar 29, 2022	Apr 14, 2025

Severity

CVSS

(AV:N/AC:L/Au:S/C:P/I:N/A:N)

Published

Feb 15, 2022

Added

Mar 29, 2022

Modified

Apr 14, 2025

Description

Jenkins Pipeline: Shared Groovy Libraries Plugin 552.vd9cc05b8a2e1 and earlier follows symbolic links to locations outside of the expected Pipeline library when reading files using the libraryResource step, allowing attackers able to configure Pipelines to read arbitrary files on the Jenkins controller file system.

Solution

linuxrpm-upgrade-jenkins-2-plugins

References

CVE-2022-25177
https://attackerkb.com/topics/CVE-2022-25177
REDHAT-RHSA-2022:0871
REDHAT-RHSA-2022:1021
REDHAT-RHSA-2022:1025
REDHAT-RHSA-2022:1248
REDHAT-RHSA-2022:1420
REDHAT-RHSA-2022:1620

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today