CVE-2022-25178
MEDIUMJenkins Pipeline < 552.vd9cc05b8a2e1 - Path Traversal via libraryResource Step
Title source: llmDescription
Jenkins Pipeline: Shared Groovy Libraries Plugin 552.vd9cc05b8a2e1 and earlier does not restrict the names of resources passed to the libraryResource step, allowing attackers able to configure Pipelines permission to read arbitrary files on the Jenkins controller file system.
References (1)
Core 1
Core References
Issue Tracking, Patch, Vendor Advisory x_refsource_confirm
https://www.jenkins.io/security/advisory/2022-02-15/#SECURITY-2613
Scores
CVSS v3
6.5
EPSS
0.0030
EPSS Percentile
53.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-22
Status
published
Products (2)
jenkins/pipeline\
< 552.vd9cc05b8a2e1
org.jenkins-ci.plugins.workflow/workflow-cps-global-lib
2.22 - 561.va_ce0de3c2d69Maven
Published
Feb 15, 2022
Tracked Since
Feb 18, 2026