Maven package
org.jenkins-ci.plugins.workflow/workflow-multibranch
pkg:maven/org.jenkins-ci.plugins.workflow/workflow-multibranch
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-25179 | — | | | >= 2.24, < 2.26.1 | 2.26.1 | Feb 15, 2022 | Jenkins Pipeline: Multibranch Plugin 706.vd43c65dec013 and earlier follows symbolic links to locations outside of the checkout directory for the configured SCM when reading files using the readTrusted step, allowing attackers able to configure Pipelines permission to read arbitra |
| CVE-2022-25175 | — | | | < 707.v71c3f0a_6ccdb | 707.v71c3f0a_6ccdb | Feb 15, 2022 | Jenkins Pipeline: Multibranch Plugin 706.vd43c65dec013 and earlier uses the same checkout directories for distinct SCMs for the readTrusted step, allowing attackers with Item/Configure permission to invoke arbitrary OS commands on the controller through crafted SCM contents. |