CVE-2022-29047 — MEDIUM (5.3)

Q: How severe is CVE-2022-29047?

CVE-2022-29047 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2022-29047?

Check the references section above for vendor advisories and patch information. Affected products include: Jenkins Pipeline\.

Vulnerability Description

Jenkins Pipeline: Shared Groovy Libraries Plugin 564.ve62a_4eb_b_e039 and earlier, except 2.21.3, allows attackers able to submit pull requests (or equivalent), but not able to commit directly to the configured SCM, to effectively change the Pipeline behavior by changing the definition of a dynamically retrieved library in their pull request, even if the Pipeline is configured to not trust them.

CVSS Score

5.3

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Jenkins	Pipeline\	< 2.21.3, _shared_groovy_libraries

Related Weaknesses (CWE)

CWE-863

References

https://www.jenkins.io/security/advisory/2022-04-12/#SECURITY-1951Vendor Advisory
https://www.jenkins.io/security/advisory/2022-04-12/#SECURITY-1951Vendor Advisory

FAQ

What is CVE-2022-29047?

CVE-2022-29047 is a vulnerability with a CVSS score of 5.3 (MEDIUM). Jenkins Pipeline: Shared Groovy Libraries Plugin 564.ve62a_4eb_b_e039 and earlier, except 2.21.3, allows attackers able to submit pull requests (or equivalent), but not able to commit directly to the ...

How severe is CVE-2022-29047?

CVE-2022-29047 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2022-29047?

Check the references section above for vendor advisories and patch information. Affected products include: Jenkins Pipeline\.