GHSA-9x5v-8352-244g

Source

https://github.com/advisories/GHSA-9x5v-8352-244g

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-9x5v-8352-244g/GHSA-9x5v-8352-244g.json

JSON Data

https://api.test.osv.dev/v1/vulns/GHSA-9x5v-8352-244g

Aliases

CVE-2019-10357

Published

2022-05-24T16:51:50Z

Modified

2023-11-01T04:50:01.343184Z

Severity

4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVSS Calculator

Summary

Missing Authorization in Jenkins Pipeline: Shared Groovy Libraries Plugin

Details

A missing permission check in Jenkins Pipeline: Shared Groovy Libraries Plugin 2.14 and earlier allowed users with Overall/Read access to obtain limited information about the content of SCM repositories referenced by global libraries.

Database specific

{
    "nvd_published_at": "2019-07-31T13:15:00Z",
    "cwe_ids": [
        "CWE-285",
        "CWE-862"
    ],
    "severity": "MODERATE",
    "github_reviewed_at": "2022-06-28T22:41:06Z",
    "github_reviewed": true
}

References

Affected packages

Maven / org.jenkins-ci.plugins.workflow:workflow-cps-global-lib

Package

Name: org.jenkins-ci.plugins.workflow:workflow-cps-global-lib; View open source insights on deps.dev
Purl: pkg:maven/org.jenkins-ci.plugins.workflow/workflow-cps-global-lib

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.15

Affected versions

0.*

0.1-beta-5

0.1-beta-6

0.1-beta-7

0.1-beta-8

1.*

1.0-beta-1

1.0

1.1

1.2

1.3

1.4

1.4.1

1.4.2

1.4.3-beta-1

1.4.3

1.5

1.6-alpha-1

1.6

1.7-alpha-1

1.7

1.8

1.9-beta-1

1.9

1.10-beta-1

1.10

1.10.1

1.11-beta-1

1.11-beta-2

1.11-beta-3

1.11-beta-4

1.11

1.12-beta-1

1.12-beta-2

1.12-beta-3

1.12

1.13

1.14-beta-1

1.14

1.14.1-beta-1

1.14.1

1.14.2

1.15-beta-1

1.15

2.*

2.0

2.1

2.2

2.3

2.4

2.5

2.6

2.7

2.8

2.9

2.10

2.11

2.12

2.12.1

2.13

2.13.1

2.14

Database specific

last_known_affected_version_range

"<= 2.14"