OpenCVE

Jenkins Pipeline: Groovy Plugin 2689.v434009a_31b_f1 and earlier allows loading any Groovy source files on the classpath of Jenkins and Jenkins plugins in sandboxed pipelines.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required Low

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:M/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Jenkins	Pipeline\
Redhat	Openshift

Configuration 1 [-]

cpe:2.3:a:jenkins:pipeline\:_groovy:*:*:*:*:*:jenkins:*:*

Package	CPE	Advisory	Released Date
Red Hat OpenShift Container Platform 4.8
jenkins-2-plugins-0:4.8.1672842762-1.el8	cpe:/a:redhat:openshift:4.8::el8	RHSA-2023:0017	2023-01-12T00:00:00Z

References

Link	Providers
http://www.openwall.com/lists/oss-security/2022/05/17/8
https://nvd.nist.gov/vuln/detail/CVE-2022-30945
https://www.cve.org/CVERecord?id=CVE-2022-30945
https://www.jenkins.io/security/advisory/2022-05-17/#SECURITY-359

History

No history.

MITRE

Status: PUBLISHED

Assigner: jenkins

Published: 2022-05-17T14:05:37

Updated: 2024-08-03T07:03:40.031Z

Reserved: 2022-05-16T00:00:00

Link: CVE-2022-30945

Vulnrichment

No data.

NVD

Status : Modified

Published: 2022-05-17T15:15:08.647

Modified: 2024-11-21T07:03:36.430

Link: CVE-2022-30945

Redhat

Severity : Important

Publid Date: 2022-05-17T00:00:00Z

Links: CVE-2022-30945 - Bugzilla

{"containers": {"cna": {"affected": [{"product": "Jenkins Pipeline: Groovy Plugin", "vendor": "Jenkins project", "versions": [{"lessThanOrEqual": "2689.v434009a_31b_f1", "status": "affected", "version": "unspecified", "versionType": "custom"}, {"status": "unaffected", "version": "2683.2687.vb_0cc3f973f06"}, {"status": "unaffected", "version": "2.94.4"}]}], "descriptions": [{"lang": "en", "value": "Jenkins Pipeline: Groovy Plugin 2689.v434009a_31b_f1 and earlier allows loading any Groovy source files on the classpath of Jenkins and Jenkins plugins in sandboxed pipelines."}], "providerMetadata": {"orgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b", "shortName": "jenkins", "dateUpdated": "2023-10-24T14:21:39.109Z"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://www.jenkins.io/security/advisory/2022-05-17/#SECURITY-359"}, {"name": "[oss-security] 20220517 Multiple vulnerabilities in Jenkins plugins", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2022/05/17/8"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "jenkinsci-cert@googlegroups.com", "ID": "CVE-2022-30945", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Jenkins Pipeline: Groovy Plugin", "version": {"version_data": [{"version_affected": "<=", "version_value": "2689.v434009a_31b_f1"}, {"version_affected": "!", "version_value": "2683.2687.vb_0cc3f973f06"}, {"version_affected": "!", "version_value": "2.94.4"}]}}]}, "vendor_name": "Jenkins project"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Jenkins Pipeline: Groovy Plugin 2689.v434009a_31b_f1 and earlier allows loading any Groovy source files on the classpath of Jenkins and Jenkins plugins in sandboxed pipelines."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-693: Protection Mechanism Failure"}]}]}, "references": {"reference_data": [{"name": "https://www.jenkins.io/security/advisory/2022-05-17/#SECURITY-359", "refsource": "CONFIRM", "url": "https://www.jenkins.io/security/advisory/2022-05-17/#SECURITY-359"}, {"name": "[oss-security] 20220517 Multiple vulnerabilities in Jenkins plugins", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2022/05/17/8"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T07:03:40.031Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.jenkins.io/security/advisory/2022-05-17/#SECURITY-359"}, {"name": "[oss-security] 20220517 Multiple vulnerabilities in Jenkins plugins", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2022/05/17/8"}]}]}, "cveMetadata": {"assignerOrgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b", "assignerShortName": "jenkins", "cveId": "CVE-2022-30945", "datePublished": "2022-05-17T14:05:37", "dateReserved": "2022-05-16T00:00:00", "dateUpdated": "2024-08-03T07:03:40.031Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:jenkins:pipeline\\:_groovy:*:*:*:*:*:jenkins:*:*", "matchCriteriaId": "B2F9F190-63A9-4B22-B99E-BA93EC46ED7A", "versionEndExcluding": "2689.v434009a_31b_f1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Jenkins Pipeline: Groovy Plugin 2689.v434009a_31b_f1 and earlier allows loading any Groovy source files on the classpath of Jenkins and Jenkins plugins in sandboxed pipelines."}, {"lang": "es", "value": "Jenkins Pipeline: Groovy Plugin versiones 2689.v434009a_31b_f1 y anteriores, permite cargar cualquier archivo fuente Groovy en el classpath de Jenkins y de los plugins de Jenkins en pipelines de sandbox"}], "id": "CVE-2022-30945", "lastModified": "2024-11-21T07:03:36.430", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 6.0, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-05-17T15:15:08.647", "references": [{"source": "jenkinsci-cert@googlegroups.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2022/05/17/8"}, {"source": "jenkinsci-cert@googlegroups.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://www.jenkins.io/security/advisory/2022-05-17/#SECURITY-359"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2022/05/17/8"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "https://www.jenkins.io/security/advisory/2022-05-17/#SECURITY-359"}], "sourceIdentifier": "jenkinsci-cert@googlegroups.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}