vulnerability

Red Hat OpenShift: CVE-2022-29047: Libraries: Untrusted users can modify some Pipeline libraries in Pipeline Shared Groovy Libraries Plugin

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
5	(AV:N/AC:L/Au:N/C:N/I:P/A:N)	2022-04-12	2022-05-19	2025-04-14

Severity

CVSS

(AV:N/AC:L/Au:N/C:N/I:P/A:N)

Published

2022-04-12

Added

2022-05-19

Modified

2025-04-14

Description

Jenkins Pipeline: Shared Groovy Libraries Plugin 564.ve62a_4eb_b_e039 and earlier, except 2.21.3, allows attackers able to submit pull requests (or equivalent), but not able to commit directly to the configured SCM, to effectively change the Pipeline behavior by changing the definition of a dynamically retrieved library in their pull request, even if the Pipeline is configured to not trust them.

Solution

linuxrpm-upgrade-jenkins-2-plugins

References

CVE-2022-29047
https://attackerkb.com/topics/CVE-2022-29047
REDHAT-RHSA-2022:2205
REDHAT-RHSA-2022:4909
REDHAT-RHSA-2023:0017
REDHAT-RHSA-2023:1064

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today