CVE-2022-25179

Summary

Jenkins Pipeline: Multibranch Plugin 706.vd43c65dec013 and earlier follows symbolic links to locations outside of the checkout directory for the configured SCM when reading files using the readTrusted step, allowing attackers able to configure Pipelines permission to read arbitrary files on the Jenkins controller file system.

Affected Software

VendorProductVersion RangeStatus
Jenkins projectJenkins Pipeline: Multibranch Plugin2.26.1unaffected
Jenkins projectJenkins Pipeline: Multibranch Plugin2.23.1unaffected
Jenkins projectJenkins Pipeline: Multibranch Plugin696.698.v9b4218eea50funaffected
Jenkins projectJenkins Pipeline: Multibranch Pluginunspecified <= 706.vd43c65dec013affected

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

References