Vulnerabilities > Jenkins > Pipeline

DATE CVE VULNERABILITY TITLE RISK
2022-02-15 CVE-2022-25180 Cleartext Transmission of Sensitive Information vulnerability in Jenkins Pipeline: Groovy
Jenkins Pipeline: Groovy Plugin 2648.va9433432b33c and earlier includes password parameters from the original build in replayed builds, allowing attackers with Run/Replay permission to obtain the values of password parameters passed to previous builds of a Pipeline.
network
low complexity
jenkins CWE-319
4.3
2022-02-15 CVE-2022-25181 Unspecified vulnerability in Jenkins Pipeline:Shared Groovy Libraries
A sandbox bypass vulnerability in Jenkins Pipeline: Shared Groovy Libraries Plugin 552.vd9cc05b8a2e1 and earlier allows attackers with Item/Configure permission to execute arbitrary code in the context of the Jenkins controller JVM through crafted SCM contents, if a global Pipeline library already exists.
network
low complexity
jenkins
8.8
2022-02-15 CVE-2022-25182 Unspecified vulnerability in Jenkins Pipeline:Shared Groovy Libraries
A sandbox bypass vulnerability in Jenkins Pipeline: Shared Groovy Libraries Plugin 552.vd9cc05b8a2e1 and earlier allows attackers with Item/Configure permission to execute arbitrary code on the Jenkins controller JVM using specially crafted library names if a global Pipeline library is already configured.
network
low complexity
jenkins
8.8
2022-02-15 CVE-2022-25183 Unspecified vulnerability in Jenkins Pipeline:Shared Groovy Libraries
Jenkins Pipeline: Shared Groovy Libraries Plugin 552.vd9cc05b8a2e1 and earlier uses the names of Pipeline libraries to create cache directories without any sanitization, allowing attackers with Item/Configure permission to execute arbitrary code in the context of the Jenkins controller JVM using specially crafted library names if a global Pipeline library configured to use caching already exists.
network
low complexity
jenkins
8.8
2022-02-15 CVE-2022-25184 Insufficiently Protected Credentials vulnerability in Jenkins Pipeline: Build Step
Jenkins Pipeline: Build Step Plugin 2.15 and earlier reveals password parameter default values when generating a pipeline script using the Pipeline Snippet Generator, allowing attackers with Item/Read permission to retrieve the default password parameter value from jobs.
network
low complexity
jenkins CWE-522
6.5
2020-03-25 CVE-2020-2166 Improper Input Validation vulnerability in Jenkins Pipeline: AWS Steps
Jenkins Pipeline: AWS Steps Plugin 1.40 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability.
network
low complexity
jenkins CWE-20
8.8
2020-02-12 CVE-2020-2109 Improper Input Validation vulnerability in Jenkins Pipeline: Groovy
Sandbox protection in Jenkins Pipeline: Groovy Plugin 2.78 and earlier can be circumvented through default parameter expressions in CPS-transformed methods.
network
low complexity
jenkins CWE-20
8.8
2019-07-31 CVE-2019-10357 Missing Authorization vulnerability in multiple products
A missing permission check in Jenkins Pipeline: Shared Groovy Libraries Plugin 2.14 and earlier allowed users with Overall/Read access to obtain limited information about the content of SCM repositories referenced by global libraries.
network
low complexity
jenkins redhat CWE-862
4.3
2019-03-28 CVE-2019-1003041 Unsafe Reflection vulnerability in multiple products
A sandbox bypass vulnerability in Jenkins Pipeline: Groovy Plugin 2.64 and earlier allows attackers to invoke arbitrary constructors in sandboxed scripts.
network
low complexity
jenkins redhat CWE-470
critical
9.8
2019-03-08 CVE-2019-1003030 A sandbox bypass vulnerability exists in Jenkins Pipeline: Groovy Plugin 2.63 and earlier in pom.xml, src/main/java/org/jenkinsci/plugins/workflow/cps/CpsGroovyShell.java that allows attackers able to control pipeline scripts to execute arbitrary code on the Jenkins master JVM.
network
low complexity
jenkins redhat
critical
9.9