GHSA-pj84-qjm3-77mg, CVE-2022-25175
maven/org.jenkins-ci.plugins.workflow/workflow-multibranch
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Jenkins Pipeline: Multibranch Plugin 706.vd43c65dec013 and earlier uses distinct checkout directories per SCM for the readTrusted step, allowing attackers with Item/Configure permission to invoke arbitrary OS commands on the controller through crafted SCM contents.
All versions up to 706.vd43c65dec013
Upgrade to version 707.v71c3f0a_6ccdb or above.
2022-06-21
source |