CVE-2022-25182
HIGHJenkins Pipeline: Shared Groovy Libraries Plugin <552.vd9cc05b8a2e1...
Title source: llmDescription
A sandbox bypass vulnerability in Jenkins Pipeline: Shared Groovy Libraries Plugin 552.vd9cc05b8a2e1 and earlier allows attackers with Item/Configure permission to execute arbitrary code on the Jenkins controller JVM using specially crafted library names if a global Pipeline library is already configured.
References (1)
Core 1
Core References
Patch, Vendor Advisory x_refsource_confirm
https://www.jenkins.io/security/advisory/2022-02-15/#SECURITY-2422
Scores
CVSS v3
8.8
EPSS
0.0029
EPSS Percentile
52.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
Status
published
Products (2)
jenkins/pipeline\
< 552.vd9cc05b8a2e1
org.jenkins-ci.plugins.workflow/workflow-cps-global-lib
0 - 561.va_ce0de3c2d69Maven
Published
Feb 15, 2022
Tracked Since
Feb 18, 2026