vulnerability

Red Hat OpenShift: CVE-2022-25179: workflow-multibranch: Pipeline-related plugins follow symbolic links or do not limit path names

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
4	(AV:N/AC:L/Au:S/C:P/I:N/A:N)	Feb 15, 2022	Mar 29, 2022	Apr 14, 2025

Severity

CVSS

(AV:N/AC:L/Au:S/C:P/I:N/A:N)

Published

Feb 15, 2022

Added

Mar 29, 2022

Modified

Apr 14, 2025

Description

Jenkins Pipeline: Multibranch Plugin 706.vd43c65dec013 and earlier follows symbolic links to locations outside of the checkout directory for the configured SCM when reading files using the readTrusted step, allowing attackers able to configure Pipelines permission to read arbitrary files on the Jenkins controller file system.

Solution

linuxrpm-upgrade-jenkins-2-plugins

References

CVE-2022-25179
https://attackerkb.com/topics/CVE-2022-25179
REDHAT-RHSA-2022:0871
REDHAT-RHSA-2022:1021
REDHAT-RHSA-2022:1025
REDHAT-RHSA-2022:1248
REDHAT-RHSA-2022:1420
REDHAT-RHSA-2022:1620

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today