CVE-2022-25177

MEDIUM Year: 2022
CVSS v3 Score
6.5
Medium
CVSS v2 Score
4.0
Medium
Weakness Type
CWE-59
View all →

Vulnerability Description

Jenkins Pipeline: Shared Groovy Libraries Plugin 552.vd9cc05b8a2e1 and earlier follows symbolic links to locations outside of the expected Pipeline library when reading files using the libraryResource step, allowing attackers able to configure Pipelines to read arbitrary files on the Jenkins controller file system.

Related Vulnerabilities

CVE-2005-0587

MEDIUM
CVSS:6.5(Medium)

Firefox before 1.0.1 and Mozilla before 1.7.6 allows remote malicious web sites to overwrite arbitrary files by tricking the user into downloading a .LNK (link) file twice, which overwrites the file t...

CWE-592005

CVE-2010-0398

MEDIUM
CVSS:6.5(Medium)

The init script in autokey before 0.61.3-2 allows local attackers to write to arbitrary files via a symlink attack.

CWE-592010

CVE-2015-3147

MEDIUM
CVSS:6.5(Medium)

daemon/abrt-handle-upload.in in Automatic Bug Reporting Tool (ABRT), when moving problem reports from /var/spool/abrt-upload, allows local users to write to arbitrary files or possibly have other unsp...

CWE-592015

CVE-2018-14335

MEDIUM
CVSS:6.5(Medium)

An issue was discovered in H2 1.4.197. Insecure handling of permissions in the backup function allows attackers to read sensitive files (outside of their permissions) via a symlink to a fake database ...

CWE-592018

CVE-2018-15351

MEDIUM
CVSS:6.5(Medium)

Denial of service via crafting malicious link and sending it to a privileged user can cause Denial of Service in Kraftway 24F2XG Router firmware version 3.5.30.1118.

CWE-592018

CVE-2019-1425

MEDIUM
CVSS:6.5(Medium)

An elevation of privilege vulnerability exists when Visual Studio fails to properly validate hardlinks while extracting archived files, aka 'Visual Studio Elevation of Privilege Vulnerability'.

CWE-592019