8.8

CVSS Score

3.1

Basic Information

CVE ID

CVE-2022-25174

GHSA ID

GHSA-g9fx-6j5c-grmw

EPSS Score

0.82431%

CWE

CWE-78

Published

2/16/2022

Updated

12/22/2023

KEV Status

Technology

Java

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2022-25174

CVE-2022-25174: Improper Neutralization of Special Elements used in an OS Command in Jenkins Pipeline: Shared Groovy Libraries Plugin

Jenkins Pipeline: Shared Groovy Libraries Plugin prior to 561.va_ce0de3c2d69, 2.21.1, and 2.18.1 uses the same checkout directories for distinct SCMs for Pipeline libraries, allowing attackers with Item/Configure permission to invoke arbitrary OS commands on the controller through crafted SCM contents.

(GitHub Advisory)

8.8

CVSS Score

3.1

Basic Information

CVE ID

CVE-2022-25174

GHSA ID

GHSA-g9fx-6j5c-grmw

EPSS Score

0.82431%

CWE

CWE-78

Published

2/16/2022

Updated

12/22/2023

KEV Status

Technology

Java

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
org.jenkins-ci.plugins.workflow:workflow-cps-global-lib	maven	>= 544.vff04fa68714d, < 561.va	561.va
org.jenkins-ci.plugins.workflow:workflow-cps-global-lib	maven	>= 2.19, < 2.21.1	2.21.1
org.jenkins-ci.plugins.workflow:workflow-cps-global-lib	maven	< 2.18.1	2.18.1

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stemmed from directory collision in SCM checkouts. The commit diff shows the fix introduced hashed directory names (directoryNameFor) based on SCM source+metadata. The original code in LibraryAdder.retrieve used unsanitized library names to create paths, and LibraryRecord stored no unique directory identifiers. This allowed attackers to poison shared directories via malicious SCMs. The functions handling directory path construction without proper uniqueness mechanisms are the root cause.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

J*nkins Pip*lin*: S**r** *roovy Li*r*ri*s Plu*in prior to ***.v*_***********, *.**.*, *n* *.**.* us*s t** s*m* ****kout *ir**tori*s *or *istin*t S*Ms *or Pip*lin* li*r*ri*s, *llowin* *tt**k*rs wit* It*m/*on*i*ur* p*rmission to invok* *r*itr*ry OS *om

Reasoning

T** vuln*r**ility st*mm** *rom *ir**tory *ollision in S*M ****kouts. T** *ommit *i** s*ows t** *ix intro*u*** **s*** *ir**tory n*m*s (`*ir**toryN*m**or`) **s** on S*M sour**+m*t***t*. T** ori*in*l *o** in `Li*r*ry****r.r*tri*v*` us** uns*nitiz** li*r

8.8

Basic Information

Concerned about an active attack path?

CVE-2022-25174: Improper Neutralization of Special Elements used in an OS Command in Jenkins Pipeline: Shared Groovy Libraries Plugin

8.8

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI