Remote attackers can leverage these issues to execute arbitrary code on the Jenkins master, cause denial of service, obtain sensitive information, or hijack the session of an authenticated user. Graphene - Plugins v1.24 and earlier does not properly validate the SCM content before executing it, allowing attackers to inject OS commands into the Jenkins environment.
CVEs — NVD — MITRE — Package — CVSS Metrics These issues can be exploited through injection of crafted checkout directories (e.g., /var/jenkins_home/work/ or /var/lib/jenkins) into the Jenkinsfile, allowing attackers to execute arbitrary OS commands on the Jenkins master through crafted SCM contents. In the case of Git, all input is validated before being committed to the SCM. However, there are a few possible ways for an attacker to exploit this. One is to change the commit message, so that it ends up in a new branch. Then, when a build is triggered, the code will be executed from the new branch instead of the main branch where the commit message is. Another way an attacker can exploit this issue is through changing the commit message, so that when the code is committed, it will be in a different branch. This will cause a build to be triggered from a different branch than where the commit message is, and thus will result in the code being executed from a different branch than where it was committed.
None - Not applicable to this type of risk CVE-2022-25173
Remote attackers can leverage these issues to execute arbitrary code on the Jenkins master, cause denial of service, obtain sensitive information, or hijack the session of an authenticated user. Graphene - Plugins v1.24 and earlier does not properly validate the SCM content before executing it, allowing attackers to inject OS commands into the Jenkins environment.
References
The following is a list of references that provide additional details on the CVE identifier.
CVE-2022-25173: Remote attackers can leverage these issues to execute arbitrary code on the Jenkins master, cause denial of service, obtain sensitive information, or hijack the session of an authenticated user. Graphene - Plugins v1.24 and earlier does not properly validate the SCM content before executing it, allowing attackers to inject OS commands into the Jenkins environment.
Graphene - Plugins v1.24 and earlier does not properly validate the SCM content before executing it, allowing attackers to inject OS commands into the Jenkins environment.
The Graphene - Plugins v1.24 and earlier does not properly validate the SCM content before executing it, allowing attackers to inject OS commands into the Jenkins environment. The issue exists because Graphene - Plugins v1.24 and earlier does not properly validate SCM content before executing it, which allows attackers to inject OS commands into the Jenkins environment. It can be exploited through injection of crafted checkout directories (e.g., /var/jenkins_home/work/ or /var/lib/jenkins) into a Jenkinsfile, allowing attackers to execute arbitrary OS commands on the Jenkins master through crafted SCM contents. In the case of Git, all input is validated before being committed to the SCM. However, there are a few possible ways for an attacker to exploit this issue:
- If an attacker changes the commit message so that it ends up in a new branch, then when a build is triggered from that branch (by updating index files), the code will be executed from that branch instead of from where it was committed (in this case, main).
- If an attacker changes the commit message so that when code is committed, it will be in a different branch. This will cause a build to be triggered from a different branch than where the commit message is (in this case main), and thus will result in code
Timeline
Published on: 02/15/2022 17:15:00 UTC
Last modified on: 02/23/2022 19:57:00 UTC