8.8

CVSS Score

3.1

Basic Information

CVE ID

CVE-2022-25181

GHSA ID

GHSA-7w2w-fwpf-9m4h

EPSS Score

0.3739%

CWE

CWE-693

Published

2/16/2022

Updated

12/22/2023

KEV Status

Technology

Java

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2022-25181

CVE-2022-25181:
Jenkins Pipeline: Deprecated Groovy Libraries Plugin Protection Mechanism Failure

Jenkins Pipeline: Deprecated Groovy Libraries Plugin 552.vd9cc05b8a2e1 and earlier uses the same workspace directory for all checkouts of Pipeline libraries with the same name regardless of the SCM being used and the source of the library configuration.

This allows attackers with Item/Configure permission to execute arbitrary code in the context of the Jenkins controller JVM through crafted SCM contents, if a global Pipeline library already exists.

Pipeline: Deprecated Groovy Libraries Plugin 561.va_ce0de3c2d69 uses distinct checkout directories per SCM for Pipeline libraries.

(GitHub Advisory)

8.8

CVSS Score

3.1

Basic Information

CVE ID

CVE-2022-25181

GHSA ID

GHSA-7w2w-fwpf-9m4h

EPSS Score

0.3739%

CWE

CWE-693

Published

2/16/2022

Updated

12/22/2023

KEV Status

Technology

Java

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
org.jenkins-ci.plugins.workflow:workflow-cps-global-lib	maven	<= 552.vd9cc05b8a2e1	561.va_ce0de3c2d69

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stemmed from using non-unique workspace directories based solely on library names. The commit diff shows:

LibraryAdder's retrieve() originally used 'libs/ + name' directory paths
SCMSourceRetriever's doRetrieve() used baseWorkspace + name without SCM context These implementations failed to account for SCM source differences, allowing workspace collisions. The patch introduced directoryNameFor() with HMAC hashing of name/version/trusted/source parameters to ensure uniqueness.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

J*nkins Pip*lin*: **pr***t** *roovy Li*r*ri*s Plu*in ***.v************ *n* **rli*r us*s t** s*m* worksp*** *ir**tory *or *ll ****kouts o* Pip*lin* li*r*ri*s wit* t** s*m* n*m* r***r*l*ss o* t** S*M **in* us** *n* t** sour** o* t** li*r*ry *on*i*ur*ti

Reasoning

T** vuln*r**ility st*mm** *rom usin* non-uniqu* worksp*** *ir**tori*s **s** sol*ly on li*r*ry n*m*s. T** *ommit *i** s*ows: *. Li*r*ry****r's r*tri*v*() ori*in*lly us** 'li*s/ + n*m*' *ir**tory p*t*s *. S*MSour**R*tri*v*r's *oR*tri*v*() us** **s*Work

8.8

Basic Information

Concerned about an active attack path?

CVE-2022-25181: Jenkins Pipeline: Deprecated Groovy Libraries Plugin Protection Mechanism Failure

8.8

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

CVE-2022-25181:
Jenkins Pipeline: Deprecated Groovy Libraries Plugin Protection Mechanism Failure

Vulnerability Intelligence
Miggo AI