Jenkins Pipeline: Multibranch Plugin 706.vd43c65dec013 and earlier uses the same checkout directories for distinct SCMs for the readTrusted step, allowing attackers with Item/Configure permission to invoke arbitrary OS commands on the controller through crafted SCM contents.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: jenkins
Published: 2022-02-15T00:00:00
Updated: 2024-08-03T04:36:06.194Z
Reserved: 2022-02-15T00:00:00
Link: CVE-2022-25175
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2022-02-15T17:15:08.627
Modified: 2023-11-30T19:12:13.310
Link: CVE-2022-25175
Redhat