Main Vulnerability Database Vulnerabilities #VU60643

#VU60643 UNIX symbolic link following in Pipeline: Multibranch - CVE-2022-25179

Published: February 16, 2022

Vulnerability identifier: #VU60643

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2022-25179

CWE-ID: CWE-61

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Pipeline: Multibranch

Software vendor:
Jenkins

Description

The vulnerability allows a remote attacker to gain access to sensitive information on the system.

The vulnerability exists due to the affected plugin follows symbolic links to locations outside of the checkout directory for the configured SCM when reading files using the readTrusted step. A remote user can configure Pipelines permission to read arbitrary files on the Jenkins controller file system.

Remediation

Install updates from vendor's website.

External links

https://jenkins.io/security/advisory/2022-02-15/

#VU60643 UNIX symbolic link following in Pipeline: Multibranch - CVE-2022-25179

Description

Remediation

External links

Please verify you're human