Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2022-25177

EPSS 0.64% · P71
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2022-25177

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
Jenkins Pipeline: Shared Groovy Libraries Plugin 552.vd9cc05b8a2e1 and earlier follows symbolic links to locations outside of the expected Pipeline library when reading files using the libraryResource step, allowing attackers able to configure Pipelines to read arbitrary files on the Jenkins controller file system.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Jenkins Pipeline 后置链接漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Jenkins Pipeline是一套插件,支持将持续交付管道实施和集成到 Jenkins 中。 Jenkins Pipeline Shared Groovy Libraries Plugin 存在后置链接漏洞,该漏洞源于Jenkins Pipeline 共享Groovy库插件552.vd9cc05b8a2e1和更早的版本没有限制传递给libraryResource步骤的资源名。攻击者可利用该漏洞能够配置管道权限来读取Jenkins控制器文件系统上的任意文件。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
Jenkins projectJenkins Pipeline: Shared Groovy Libraries Plugin unspecified ~ 552.vd9cc05b8a2e1 -

II. Public POCs for CVE-2022-25177

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2022-25177

登录查看更多情报信息。

Same Patch Batch · Jenkins project · 2022-02-15 · 40 CVEs total

CVE-2022-25183Jenkins 插件 代码注入漏洞
CVE-2022-25192Jenkins Snow Commander Plugin 跨站请求伪造漏洞
CVE-2022-25191Jenkins 插件 跨站脚本漏洞
CVE-2022-25190Jenkins 插件 权限许可和访问控制问题漏洞
CVE-2022-25189Jenkins 插件跨站脚本漏洞
CVE-2022-25188Jenkins 插件 路径遍历漏洞
CVE-2022-25187Jenkins Support Core 安全漏洞
CVE-2022-25186Jenkins 插件 信息泄露漏洞
CVE-2022-25185Jenkins Generic Webhook Trigger Plugin 跨站脚本漏洞
CVE-2022-25184Jenkins Pipeline 信息泄露漏洞
CVE-2022-25193Jenkins Plugin Snow Commander 权限许可和访问控制问题漏洞
CVE-2022-25182Jenkins Pipeline 代码注入漏洞
CVE-2022-25181Jenkins Pipeline 代码注入漏洞
CVE-2022-25180Jenkins Pipeline 信息泄露漏洞
CVE-2022-25178Jenkins Pipeline 路径遍历漏洞
CVE-2022-25176Jenkins Pipeline 后置链接漏洞
CVE-2022-25174Jenkins Pipeline 操作系统命令注入漏洞
CVE-2022-25173Jenkins Pipeline 操作系统命令注入漏洞
CVE-2022-25175Jenkins Pipeline: Multibranch Plugin 操作系统命令注入漏洞
CVE-2022-25179Jenkins Pipeline 后置链接漏洞

Showing top 20 of 40 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: Jenkins Pipeline: Shared Groovy Libraries Plugin
Same vendor: Jenkins project

V. Comments for CVE-2022-25177

No comments yet

Leave a comment