CVE-2022-25175 PoC: Jenkins Pipeline: Multibranch Plugin OS Command Injection Vulnerability

Associated Vulnerability
Title: Jenkins Pipeline: Multibranch Plugin OS Command Injection Vulnerability (CVE-2022-25175)
Description: Jenkins Pipeline: Multibranch Plugin 706.vd43c65dec013 and earlier uses the same checkout directories for distinct SCMs for the readTrusted step, allowing attackers with Item/Configure permission to invoke arbitrary OS commands on the controller through crafted SCM contents.
Readme
# Pipeline: Multibranch

[![Jenkins Plugin](https://img.shields.io/jenkins/plugin/v/workflow-multibranch)](https://plugins.jenkins.io/workflow-multibranch)
[![Changelog](https://img.shields.io/github/v/tag/jenkinsci/workflow-multibranch-plugin?label=changelog)](https://github.com/jenkinsci/workflow-multibranch-plugin/blob/master/CHANGELOG.md)
[![Jenkins Plugin Installs](https://img.shields.io/jenkins/plugin/i/workflow-multibranch?color=blue)](https://plugins.jenkins.io/workflow-multibranch)

## Introduction

Enhances Pipeline plugin to handle branches better by automatically
grouping builds from different branches.

Automatically creates a new Jenkins job whenever a new branch is pushed
to a source code repository.  
Other plugins can define various branch types, e.g. a Git branch, a
Subversion branch, a GitHub Pull Request etc.

See this blog post for more info:
<https://jenkins.io/blog/2015/12/03/pipeline-as-code-with-multibranch-workflows-in-jenkins/>

## Notes

To determine the branch being built, use the environment variable
`BRANCH_NAME`, e.g. `${env.BRANCH_NAME}`.

## Version History

See [the changelog](CHANGELOG.md).
File Snapshot

```
[4.0K]  /data/pocs/feee6d3cf7eb84ebda94b8cccda3505310dd40b5
├── [9.2K]  CHANGELOG.md
├── [ 171]  Jenkinsfile
├── [8.8K]  pom.xml
├── [1.1K]  README.md
└── [4.0K]  src
    ├── [4.0K]  main
    │   ├── [4.0K]  java
    │   │   └── [4.0K]  org
    │   │       └── [4.0K]  jenkinsci
    │   │           └── [4.0K]  plugins
    │   │               └── [4.0K]  workflow
    │   │                   └── [4.0K]  multibranch
    │   │                       ├── [3.7K]  AbstractWorkflowBranchProjectFactory.java
    │   │                       ├── [3.4K]  AbstractWorkflowMultiBranchProjectFactory.java
    │   │                       ├── [4.1K]  BranchJobProperty.java
    │   │                       ├── [4.6K]  DurabilityHintBranchProperty.java
    │   │                       ├── [ 10K]  JobPropertyStep.java
    │   │                       ├── [1.1K]  JobPropertyTrackerAction.java
    │   │                       ├── [ 12K]  ReadTrustedStep.java
    │   │                       ├── [ 11K]  ResolveScmStep.java
    │   │                       ├── [8.8K]  SCMBinder.java
    │   │                       ├── [5.7K]  SCMVar.java
    │   │                       ├── [4.2K]  WorkflowBranchProjectFactory.java
    │   │                       ├── [3.4K]  WorkflowMultiBranchProjectFactory.java
    │   │                       └── [9.1K]  WorkflowMultiBranchProject.java
    │   ├── [4.0K]  resources
    │   │   ├── [1.3K]  index.jelly
    │   │   └── [4.0K]  org
    │   │       └── [4.0K]  jenkinsci
    │   │           └── [4.0K]  plugins
    │   │               └── [4.0K]  workflow
    │   │                   └── [4.0K]  multibranch
    │   │                       ├── [4.0K]  DurabilityHintBranchProperty
    │   │                       │   ├── [1.8K]  config.jelly
    │   │                       │   └── [3.2K]  help.html
    │   │                       ├── [4.0K]  JobPropertyStep
    │   │                       │   ├── [1.3K]  config.jelly
    │   │                       │   └── [ 320]  help.html
    │   │                       ├── [ 387]  Messages_fr.properties
    │   │                       ├── [ 304]  Messages.properties
    │   │                       ├── [1.5K]  Messages_zh_CN.properties
    │   │                       ├── [4.0K]  ReadTrustedStep
    │   │                       │   ├── [1.3K]  config.jelly
    │   │                       │   ├── [ 617]  help.html
    │   │                       │   └── [ 200]  help-path.html
    │   │                       ├── [4.0K]  ResolveScmStep
    │   │                       │   ├── [1.8K]  config.jelly
    │   │                       │   ├── [2.5K]  help.html
    │   │                       │   ├── [1.2K]  help-ignoreErrors.html
    │   │                       │   ├── [1.1K]  help-source.html
    │   │                       │   └── [1.1K]  help-targets.html
    │   │                       ├── [4.0K]  SCMBinder
    │   │                       │   └── [1.2K]  config.jelly
    │   │                       ├── [4.0K]  SCMVar
    │   │                       │   └── [1.6K]  help.jelly
    │   │                       ├── [4.0K]  WorkflowBranchProjectFactory
    │   │                       │   ├── [1.3K]  config.jelly
    │   │                       │   ├── [1.4K]  getting-started.jelly
    │   │                       │   ├── [ 957]  getting-started-links.jelly
    │   │                       │   └── [ 302]  help-scriptPath.html
    │   │                       ├── [4.0K]  WorkflowMultiBranchProject
    │   │                       │   └── [1.2K]  newInstanceDetail.jelly
    │   │                       └── [4.0K]  WorkflowMultiBranchProjectFactory
    │   │                           ├── [1.3K]  config.jelly
    │   │                           ├── [1.4K]  getting-started.jelly
    │   │                           ├── [ 958]  getting-started-links.jelly
    │   │                           └── [ 302]  help-scriptPath.html
    │   └── [4.0K]  webapp
    │       └── [4.0K]  images
    │           └── [ 80K]  pipelinemultibranchproject.svg
    └── [4.0K]  test
        ├── [4.0K]  java
        │   └── [4.0K]  org
        │       └── [4.0K]  jenkinsci
        │           └── [4.0K]  plugins
        │               └── [4.0K]  workflow
        │                   └── [4.0K]  multibranch
        │                       ├── [5.9K]  DurabilityHintBranchPropertyWorkflowTest.java
        │                       ├── [4.4K]  GitDirectorySCMNavigator.java
        │                       ├── [ 34K]  JobPropertyStepTest.java
        │                       ├── [8.6K]  NoTriggerBranchPropertyWorkflowTest.java
        │                       ├── [10.0K]  ReadTrustedStepTest.java
        │                       ├── [7.0K]  RepairBranchPropertyTest.java
        │                       ├── [8.1K]  ReplayActionTest.java
        │                       ├── [5.4K]  ResolveScmStepTest.java
        │                       ├── [ 15K]  SCMBinderTest.java
        │                       ├── [7.0K]  SCMVarTest.java
        │                       ├── [4.9K]  WorkflowBranchProjectFactoryTest.java
        │                       ├── [9.8K]  WorkflowMultiBranchProjectFactoryTest.java
        │                       └── [ 13K]  WorkflowMultiBranchProjectTest.java
        └── [4.0K]  resources
            └── [4.0K]  org
                └── [4.0K]  jenkinsci
                    └── [4.0K]  plugins
                        └── [4.0K]  workflow
                            └── [4.0K]  multibranch
                                ├── [4.0K]  GitDirectorySCMNavigator
                                │   └── [ 229]  config.jelly
                                ├── [4.0K]  JobPropertyStepTest
                                │   └── [6.0K]  trackerPropertyUpgrade.zip
                                ├── [4.0K]  RepairBranchPropertyTest
                                │   └── [ 33K]  removedPropertyAtStartup.zip
                                └── [4.0K]  WorkflowMultiBranchProjectTest
                                    └── [4.0K]  OldSCM
                                        └── [  85]  config.jelly

43 directories, 62 files
```