CVE-2022-29047 is a vulnerability in Jenkins Pipeline
Published on April 12, 2022
Jenkins Pipeline: Shared Groovy Libraries Plugin 564.ve62a_4eb_b_e039 and earlier, except 2.21.3, allows attackers able to submit pull requests (or equivalent), but not able to commit directly to the configured SCM, to effectively change the Pipeline behavior by changing the definition of a dynamically retrieved library in their pull request, even if the Pipeline is configured to not trust them.
Products Associated with CVE-2022-29047
Affected Versions
Jenkins project Jenkins Pipeline: Shared Groovy Libraries Plugin:
- Version unspecified, <= 564.ve62a_4eb_b_e039 is affected.
- Version 2.21.3 is unaffected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.