CVE-2022-25176

CVE-2022-25176

Jenkins Pipeline: Groovy Plugin 2648.va9433432b33c and earlier follows symbolic links to locations outside of the checkout directory for the configured SCM when reading the script file (typically Jenkinsfile) for Pipelines, allowing attackers able to configure Pipelines to read arbitrary files on the Jenkins controller file system.

Source: CVE-2022-25176

답글 남기기

이메일 주소는 공개되지 않습니다. 필수 필드는 *로 표시됩니다