github - ghsa-2m9w-9xh2-wxc3

GHSA-2M9W-9XH2-WXC3

Vulnerability from github – Published: 2022-02-16 00:01 – Updated: 2023-05-24 14:25

Summary

Link Following in Jenkins Pipeline Multibranch Plugin

Details

Jenkins Pipeline: Multibranch Plugin prior to 2.23.1, 2.26.1, 696.698.v9b4218eea50f, and 707.v71c3f0a_6ccdb_ follows symbolic links to locations outside of the checkout directory for the configured SCM when reading files using the readTrusted step, allowing attackers able to configure Pipelines permission to read arbitrary files on the Jenkins controller file system.

Severity ?

6.5 (Medium)


                  
                    CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.jenkins-ci.plugins.workflow:workflow-multibranch"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.24"
            },
            {
              "fixed": "2.26.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.jenkins-ci.plugins.workflow:workflow-multibranch"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.23.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.jenkins-ci.plugins.workflow:workflow-multibranch"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "696.v52535c46f4c9"
            },
            {
              "fixed": "696.698.v9b4218eea50f"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.jenkins-ci.plugins.workflow:workflow-multibranch"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "706.vd43c65dec013"
            },
            {
              "fixed": "707.v71c3f0a"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2022-25179"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-59"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-02-25T20:40:40Z",
    "nvd_published_at": "2022-02-15T17:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Jenkins Pipeline: Multibranch Plugin prior to 2.23.1, 2.26.1, 696.698.v9b4218eea50f, and 707.v71c3f0a_6ccdb_ follows symbolic links to locations outside of the checkout directory for the configured SCM when reading files using the readTrusted step, allowing attackers able to configure Pipelines permission to read arbitrary files on the Jenkins controller file system.",
  "id": "GHSA-2m9w-9xh2-wxc3",
  "modified": "2023-05-24T14:25:01Z",
  "published": "2022-02-16T00:01:33Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25179"
    },
    {
      "type": "WEB",
      "url": "https://github.com/CVEProject/cvelist/blob/00bfb5abeecc9f553a2f42954ee540e493498ee9/2022/25xxx/CVE-2022-25179.json"
    },
    {
      "type": "WEB",
      "url": "https://www.jenkins.io/security/advisory/2022-02-15/#SECURITY-2613"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Link Following in Jenkins Pipeline Multibranch Plugin"
}

CVE-2022-25179 (GCVE-0-2022-25179)

Vulnerability from cvelistv5 – Published: 2022-02-15 00:00 – Updated: 2024-08-03 04:36

Summary

Jenkins Pipeline: Multibranch Plugin 706.vd43c65dec013 and earlier follows symbolic links to locations outside of the checkout directory for the configured SCM when reading files using the readTrusted step, allowing attackers able to configure Pipelines permission to read arbitrary files on the Jenkins controller file system.

Severity ?

No CVSS data available.

Assigner

jenkins

References

URL

Tags

https://www.jenkins.io/security/advisory/2022-02-…

Impacted products

	Vendor	Product	Version
	Jenkins project	Jenkins Pipeline: Multibranch Plugin	Unaffected: 2.26.1 Unaffected: 2.23.1 Unaffected: 696.698.v9b4218eea50f Affected: unspecified , ≤ 706.vd43c65dec013 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T04:36:05.767Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.jenkins.io/security/advisory/2022-02-15/#SECURITY-2613"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Jenkins Pipeline: Multibranch Plugin",
          "vendor": "Jenkins project",
          "versions": [
            {
              "status": "unaffected",
              "version": "2.26.1"
            },
            {
              "status": "unaffected",
              "version": "2.23.1"
            },
            {
              "status": "unaffected",
              "version": "696.698.v9b4218eea50f"
            },
            {
              "lessThanOrEqual": "706.vd43c65dec013",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Jenkins Pipeline: Multibranch Plugin 706.vd43c65dec013 and earlier follows symbolic links to locations outside of the checkout directory for the configured SCM when reading files using the readTrusted step, allowing attackers able to configure Pipelines permission to read arbitrary files on the Jenkins controller file system."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-10-24T14:19:36.814Z",
        "orgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
        "shortName": "jenkins"
      },
      "references": [
        {
          "url": "https://www.jenkins.io/security/advisory/2022-02-15/#SECURITY-2613"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
    "assignerShortName": "jenkins",
    "cveId": "CVE-2022-25179",
    "datePublished": "2022-02-15T00:00:00",
    "dateReserved": "2022-02-15T00:00:00",
    "dateUpdated": "2024-08-03T04:36:05.767Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

GHSA-2M9W-9XH2-WXC3

CVE-2022-25179 (GCVE-0-2022-25179)

Tags

Sightings

Nomenclature