CVE-2022-30945

Jenkins Pipeline: Groovy Plugin 2689.v434009a_31b_f1 and earlier allows loading any Groovy source files on the classpath of Jenkins and Jenkins plugins in sandboxed pipelines.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.5 HIGH
NETWORK
HIGH
LOW
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
jenkinsCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 79%
VendorProductVersion
jenkinspipeline\
𝑥
< 2689.v434009a_31b_f1
𝑥
= Vulnerable software versions
References
http://www.openwall.com/lists/oss-security/2022/05/17/8
https://www.jenkins.io/security/advisory/2022-05-17/#SECURITY-359
http://www.openwall.com/lists/oss-security/2022/05/17/8
https://www.jenkins.io/security/advisory/2022-05-17/#SECURITY-359