CVE-2022-25179
MEDIUM
Jenkins Pipeline Multibranch Plugin < 706.vd43c65dec013 - Arbitrary File Read via readTrusted Step
Title source: llm
Description
Jenkins Pipeline: Multibranch Plugin 706.vd43c65dec013 and earlier follows symbolic links to locations outside of the checkout directory for the configured SCM when reading files using the readTrusted step, allowing attackers with permission to configure Pipelines to read arbitrary files on the Jenkins controller file system.
References (1)
Core References
Patch, Vendor Advisory
https://www.jenkins.io/security/advisory/2022-02-15/#SECURITY-2613
Scores
CVSS v3
6.5
EPSS
0.0157
EPSS Percentile
81.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-59
Status
published
Products (2)
jenkins/pipeline\
< 706.vd43c65dec013
org.jenkins-ci.plugins.workflow/workflow-multibranch
2.24 - 2.26.1 (Maven)
Published
Feb 15, 2022
Tracked Since
Feb 18, 2026