CVE-2022-30945

EUVD-2022-2074
Jenkins Pipeline: Groovy Plugin 2689.v434009a_31b_f1 and earlier allows loading any Groovy source files on the classpath of Jenkins and Jenkins plugins in sandboxed pipelines.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.5 HIGH
NETWORK
HIGH
LOW
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 82%
Affected Products (NVD)
VendorProductVersion
jenkinspipeline\
𝑥
< 2689.v434009a_31b_f1
𝑥
= Vulnerable software versions
References
http://www.openwall.com/lists/oss-security/2022/05/17/8
https://www.jenkins.io/security/advisory/2022-05-17/#SECURITY-359
http://www.openwall.com/lists/oss-security/2022/05/17/8
https://www.jenkins.io/security/advisory/2022-05-17/#SECURITY-359