CVE-2022-25174
- Source
- https://cve.org/CVERecord?id=CVE-2022-25174
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-25174.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2022-25174
- Aliases
- Downstream
- Published
- 2022-02-15T17:15:08.560Z
- Modified
- 2026-05-06T22:09:47.878890Z
- Severity
-
- 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
Jenkins Pipeline: Shared Groovy Libraries Plugin 552.vd9cc05b8a2e1 and earlier uses the same checkout directories for distinct SCMs for Pipeline libraries, allowing attackers with Item/Configure permission to invoke arbitrary OS commands on the controller through crafted SCM contents.
- References
Affected packages
Git / github.com/jenkinsci/workflow-cps-global-lib-plugin
Affected ranges
- Type
- GIT
- Repo
- https://github.com/jenkinsci/workflow-cps-global-lib-plugin
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affected
- Database specific
{ "source": "CPE_FIELD", "extracted_events": [ { "introduced": "0" }, { "last_affected": "552.vd9cc05b8a2e1" } ], "cpe": "cpe:2.3:a:jenkins:pipeline\\:shared_groovy_libraries:*:*:*:*:*:jenkins:*:*" }
Affected versions
544.*
544.vff04fa68714d
545.*
545.v7b28cce323cf
548.*
548.v9085a486966a
552.*
552.vd9cc05b8a2e1
workflow-cps-global-lib-2.*
workflow-cps-global-lib-2.0
workflow-cps-global-lib-2.1
workflow-cps-global-lib-2.10
workflow-cps-global-lib-2.11
workflow-cps-global-lib-2.12
workflow-cps-global-lib-2.13
workflow-cps-global-lib-2.14
workflow-cps-global-lib-2.15
workflow-cps-global-lib-2.16
workflow-cps-global-lib-2.17
workflow-cps-global-lib-2.18
workflow-cps-global-lib-2.19
workflow-cps-global-lib-2.2
workflow-cps-global-lib-2.20
workflow-cps-global-lib-2.21
workflow-cps-global-lib-2.3
workflow-cps-global-lib-2.4
workflow-cps-global-lib-2.5
workflow-cps-global-lib-2.6
workflow-cps-global-lib-2.7
workflow-cps-global-lib-2.8
workflow-cps-global-lib-2.9