vulnerability

Red Hat OpenShift: CVE-2022-25178: workflow-cps-global-lib: Pipeline-related plugins follow symbolic links or do not limit path names

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
4	(AV:N/AC:L/Au:S/C:P/I:N/A:N)	Feb 15, 2022	Mar 29, 2022	Mar 30, 2026

Severity

CVSS

(AV:N/AC:L/Au:S/C:P/I:N/A:N)

Published

Feb 15, 2022

Added

Mar 29, 2022

Modified

Mar 30, 2026

Description

Jenkins Pipeline: Shared Groovy Libraries Plugin 552.vd9cc05b8a2e1 and earlier does not restrict the names of resources passed to the libraryResource step, allowing attackers able to configure Pipelines permission to read arbitrary files on the Jenkins controller file system.

Solution

linuxrpm-upgrade-jenkins-2-plugins

References

CVE-2022-25178
https://attackerkb.com/topics/CVE-2022-25178
CWE-22
EUVD-EUVD-2022-0839
REDHAT-RHSA-2022:0871
REDHAT-RHSA-2022:1021
REDHAT-RHSA-2022:1025
REDHAT-RHSA-2022:1248
REDHAT-RHSA-2022:1420
REDHAT-RHSA-2022:1620
https://euvd.enisa.europa.eu/vulnerability/EUVD-2022-0839

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report