cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2022-43406,https://securityvulnerability.io/vulnerability/CVE-2022-43406,Sandbox Bypass in Jenkins Pipeline: Deprecated Groovy Libraries Plugin by Jenkins,"A sandbox bypass vulnerability in the Jenkins Pipeline: Deprecated Groovy Libraries Plugin allows authorized users to define untrusted Pipeline libraries and execute scripts outside the security constraints of the sandbox. This can result in arbitrary code execution within the Jenkins controller JVM, posing significant risks to the integrity of the Jenkins environment and its underlying systems.",Jenkins,Jenkins Pipeline: Deprecated Groovy Libraries Plugin,9.9,CRITICAL,0.001120000029914081,false,,false,false,false,,,false,false,,2022-10-19T00:00:00.000Z,0
CVE-2022-43405,https://securityvulnerability.io/vulnerability/CVE-2022-43405,Sandbox Bypass Vulnerability in Jenkins Pipeline: Groovy Libraries Plugin,"A vulnerability exists in the Jenkins Pipeline: Groovy Libraries Plugin that allows attackers, with the necessary permissions, to evade sandbox restrictions. By exploiting this flaw, they can define untrusted Pipeline libraries and execute sandboxed scripts, potentially leading to arbitrary code execution within the Jenkins controller JVM. This presents a significant risk as it undermines the security model of the Jenkins platform, allowing malicious actors to manipulate functionalities and access sensitive data.",Jenkins,Jenkins Pipeline: Groovy Libraries Plugin,9.9,CRITICAL,0.001120000029914081,false,,false,false,false,,,false,false,,2022-10-19T00:00:00.000Z,0
CVE-2022-29047,https://securityvulnerability.io/vulnerability/CVE-2022-29047,Improper Validation in Shared Groovy Libraries Plugin for Jenkins,"The Shared Groovy Libraries Plugin for Jenkins allows attackers, who can submit pull requests but cannot commit directly to the source code management (SCM) system, to alter the pipeline behavior. This is achieved by modifying the definition of a dynamically retrieved library within their pull request. Even if the pipeline is set to distrust these external submissions, the lack of proper validation enables the potential exploitation of this vulnerability, allowing unauthorized control over the pipeline execution.",Jenkins,Jenkins Pipeline: Shared Groovy Libraries Plugin,5.3,MEDIUM,0.0008399999933317304,false,,false,false,false,,,false,false,,2022-04-12T19:50:46.000Z,0
CVE-2022-25183,https://securityvulnerability.io/vulnerability/CVE-2022-25183,Arbitrary Code Execution in Jenkins Pipeline due to Unsanitized Library Names,"The Shared Groovy Libraries Plugin for Jenkins can be exploited due to lack of sanitization in the naming of Pipeline libraries. This results in the creation of cache directories that may allow an attacker with Item/Configure permissions to execute arbitrary code on the Jenkins controller JVM. If a global Pipeline library configured to utilize caching exists, attackers can leverage specially crafted library names to compromise the system.",Jenkins,Jenkins Pipeline: Shared Groovy Libraries Plugin,8.8,HIGH,0.0010400000028312206,false,,false,false,false,,,false,false,,2022-02-15T16:11:07.000Z,0
CVE-2022-25182,https://securityvulnerability.io/vulnerability/CVE-2022-25182,Sandbox Bypass in Jenkins Pipeline: Shared Groovy Libraries Plugin,"The Jenkins Pipeline: Shared Groovy Libraries Plugin is susceptible to a sandbox bypass vulnerability. This flaw allows attackers with Item/Configure permissions to execute arbitrary code on the Jenkins controller JVM. The exploit is facilitated by using specially crafted library names when a global Pipeline library is already configured. Consequently, this can lead to unauthorized access and manipulation of the server's functionality.",Jenkins,Jenkins Pipeline: Shared Groovy Libraries Plugin,8.8,HIGH,0.0010400000028312206,false,,false,false,false,,,false,false,,2022-02-15T16:11:05.000Z,0
CVE-2022-25181,https://securityvulnerability.io/vulnerability/CVE-2022-25181,Sandbox Bypass in Jenkins Pipeline: Shared Groovy Libraries Plugin,"A vulnerability exists in the Jenkins Pipeline: Shared Groovy Libraries Plugin that allows attackers with Item/Configure permission to bypass the sandbox restrictions. This enables them to execute arbitrary code within the Jenkins controller's JVM through carefully crafted source control management (SCM) contents, as long as a global Pipeline library is present. This presents significant security risks to Jenkins environments, especially those using untrusted libraries.",Jenkins,Jenkins Pipeline: Shared Groovy Libraries Plugin,8.8,HIGH,0.0010499999625608325,false,,false,false,false,,,false,false,,2022-02-15T16:11:03.000Z,0
CVE-2022-25178,https://securityvulnerability.io/vulnerability/CVE-2022-25178,Arbitrary File Reading in Jenkins Pipeline Due to Shared Groovy Libraries Plugin Vulnerability,"The Shared Groovy Libraries Plugin in Jenkins fails to adequately restrict resource names passed to the libraryResource step. This flaw allows attackers with Pipeline configuration permissions to read any file on the Jenkins controller's file system, potentially exposing sensitive information and compromising the system.",Jenkins,Jenkins Pipeline: Shared Groovy Libraries Plugin,6.5,MEDIUM,0.0006500000017695129,false,,false,false,false,,,false,false,,2022-02-15T16:10:58.000Z,0
CVE-2022-25177,https://securityvulnerability.io/vulnerability/CVE-2022-25177,File Reading Vulnerability in Jenkins Pipeline with Shared Groovy Libraries Plugin,"The Shared Groovy Libraries Plugin for Jenkins Pipeline is susceptible to a vulnerability that involves following symbolic links to unexpected file locations when accessing files through the libraryResource step. This flaw permits attackers who have configured Pipelines to read arbitrary files from the Jenkins controller's file system, potentially leading to unauthorized information disclosure.",Jenkins,Jenkins Pipeline: Shared Groovy Libraries Plugin,6.5,MEDIUM,0.0006500000017695129,false,,false,false,false,,,false,false,,2022-02-15T16:10:56.000Z,0
CVE-2022-25174,https://securityvulnerability.io/vulnerability/CVE-2022-25174,Arbitrary OS Command Invocation in Jenkins Pipeline due to Shared Groovy Libraries Plugin Vulnerability,"The Shared Groovy Libraries Plugin for Jenkins allows for potentially dangerous configurations due to its use of the same checkout directories for different Source Code Management (SCM) systems. This flaw enables users with sufficient permissions to execute arbitrary operating system commands on the Jenkins controller. Attackers can exploit this vulnerability by maliciously crafting SCM contents, thereby leading to unauthorized command execution and potential system compromise.",Jenkins,Jenkins Pipeline: Shared Groovy Libraries Plugin,8.8,HIGH,0.001180000021122396,false,,false,false,false,,,false,false,,2022-02-15T16:10:52.000Z,0
CVE-2019-10357,https://securityvulnerability.io/vulnerability/CVE-2019-10357,,A missing permission check in Jenkins Pipeline: Shared Groovy Libraries Plugin 2.14 and earlier allowed users with Overall/Read access to obtain limited information about the content of SCM repositories referenced by global libraries.,Jenkins,Jenkins Pipeline: Shared Groovy Libraries Plugin,4.3,MEDIUM,0.0017800000496208668,false,,false,false,false,,,false,false,,2019-07-31T12:45:21.000Z,0