CVE-2022-30945

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2022-30945

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-30945.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2022-30945

Aliases

GHSA-2xvx-rw9p-xgfc

Downstream

RHSA-2023:0017

Published

2022-05-17T15:15:08.647Z

Modified

2026-01-29T06:14:11.717397Z

Severity

8.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

Jenkins Pipeline: Groovy Plugin 2689.v434009a31bf1 and earlier allows loading any Groovy source files on the classpath of Jenkins and Jenkins plugins in sandboxed pipelines.

References

Affected packages

Git / github.com/jenkinsci/workflow-cps-plugin

Affected ranges

Type: GIT
Repo: https://github.com/jenkinsci/workflow-cps-plugin
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

434009a31bf1ab2aae028c02fe2c4b41dd7c9af9

Affected versions

2633.*

2633.v6baeedc13805

2640.*

2640.v00e79c8113de

2644.*

2644.v29a793dac95a

2646.*

2646.v6ed3b5b01ff1

2648.*

2648.va9433432b33c

2656.*

2656.vf7a_e7b_75a_457

2659.*

2659.v52d3de6044d0

2660.*

2660.vb_c0412dc4e6d

2680.*

2680.vf642ed4fa_d55

2682.*

2682.va_473dcddc941

2683.*

2683.vd0a_8f6a_1c263

2686.*

2686.v7c37e0578401

2687.*

2687.v3f09155513c1

2688.*

2688.v39a_b_e5c49a_65

workflow-cps-2.*

workflow-cps-2.0

workflow-cps-2.1

workflow-cps-2.10

workflow-cps-2.11

workflow-cps-2.12

workflow-cps-2.13

workflow-cps-2.14

workflow-cps-2.15

workflow-cps-2.16

workflow-cps-2.17

workflow-cps-2.18

workflow-cps-2.19

workflow-cps-2.2

workflow-cps-2.20

workflow-cps-2.21

workflow-cps-2.22

workflow-cps-2.23

workflow-cps-2.24

workflow-cps-2.25

workflow-cps-2.26

workflow-cps-2.27

workflow-cps-2.28

workflow-cps-2.29

workflow-cps-2.3

workflow-cps-2.30

workflow-cps-2.31

workflow-cps-2.32

workflow-cps-2.33

workflow-cps-2.34

workflow-cps-2.35

workflow-cps-2.36

workflow-cps-2.37

workflow-cps-2.38

workflow-cps-2.39

workflow-cps-2.4

workflow-cps-2.40

workflow-cps-2.41

workflow-cps-2.42

workflow-cps-2.43

workflow-cps-2.44

workflow-cps-2.45

workflow-cps-2.46

workflow-cps-2.47

workflow-cps-2.48

workflow-cps-2.49

workflow-cps-2.5

workflow-cps-2.50

workflow-cps-2.51

workflow-cps-2.52

workflow-cps-2.53

workflow-cps-2.54

workflow-cps-2.55

workflow-cps-2.56

workflow-cps-2.57

workflow-cps-2.58

workflow-cps-2.58-beta-1

workflow-cps-2.59

workflow-cps-2.6

workflow-cps-2.60

workflow-cps-2.61

workflow-cps-2.62

workflow-cps-2.63

workflow-cps-2.64

workflow-cps-2.65

workflow-cps-2.66

workflow-cps-2.67

workflow-cps-2.68

workflow-cps-2.69

workflow-cps-2.7

workflow-cps-2.70

workflow-cps-2.71

workflow-cps-2.72

workflow-cps-2.73

workflow-cps-2.74

workflow-cps-2.75

workflow-cps-2.76

workflow-cps-2.77

workflow-cps-2.78

workflow-cps-2.79

workflow-cps-2.8

workflow-cps-2.80

workflow-cps-2.81

workflow-cps-2.82

workflow-cps-2.83

workflow-cps-2.84

workflow-cps-2.85

workflow-cps-2.86

workflow-cps-2.87

workflow-cps-2.88

workflow-cps-2.89

workflow-cps-2.9

workflow-cps-2.90

workflow-cps-2.91

workflow-cps-2.92

workflow-cps-2.93

workflow-cps-2.94

Database specific

vanir_signatures

[
    {
        "signature_type": "Line",
        "source": "https://github.com/jenkinsci/workflow-cps-plugin/commit/434009a31bf1ab2aae028c02fe2c4b41dd7c9af9",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "19808702222069825966388408905846565132",
                "191113629411866929203285405663844993334",
                "120995463284699761451709982309751934238",
                "81023933825688544246935418987105736366",
                "304866683468154360126256303675013976374",
                "139090592171800285111575499990465380468",
                "54297006033284316805100916530263813833",
                "81727139158803856659466349216896137499"
            ]
        },
        "target": {
            "file": "src/main/java/org/jenkinsci/plugins/workflow/cps/CpsFlowExecution.java"
        },
        "id": "CVE-2022-30945-a5d6c71a",
        "deprecated": false,
        "signature_version": "v1"
    },
    {
        "signature_type": "Function",
        "source": "https://github.com/jenkinsci/workflow-cps-plugin/commit/434009a31bf1ab2aae028c02fe2c4b41dd7c9af9",
        "digest": {
            "function_hash": "278582366955573309991294442338374588963",
            "length": 182.0
        },
        "target": {
            "file": "src/main/java/org/jenkinsci/plugins/workflow/cps/CpsFlowExecution.java",
            "function": "close"
        },
        "id": "CVE-2022-30945-e5a5bb62",
        "deprecated": false,
        "signature_version": "v1"
    }
]

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-30945.json"