CVE-2022-25183
HIGHJenkins Pipeline: Shared Groovy Libraries Plugin <552.vd9cc05b8a2e1...
Title source: llmDescription
Jenkins Pipeline: Shared Groovy Libraries Plugin 552.vd9cc05b8a2e1 and earlier uses the names of Pipeline libraries to create cache directories without any sanitization, allowing attackers with Item/Configure permission to execute arbitrary code in the context of the Jenkins controller JVM using specially crafted library names if a global Pipeline library configured to use caching already exists.
References (1)
Core 1
Core References
Patch, Vendor Advisory x_refsource_confirm
https://www.jenkins.io/security/advisory/2022-02-15/#SECURITY-2586
Scores
CVSS v3
8.8
EPSS
0.0040
EPSS Percentile
60.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
Status
published
Products (2)
jenkins/pipeline\
< 552.vd9cc05b8a2e1
org.jenkins-ci.plugins.workflow/workflow-cps-global-lib
0 - 561.va_ce0de3c2d69Maven
Published
Feb 15, 2022
Tracked Since
Feb 18, 2026