This may result in arbitrary code execution. Jenkins does not allow plugins to have access to the classpath. If a plugin attempts to load a Groovy source file on the classpath, it will be blocked and an error message will be displayed. The plugin developer should consider using a build system other than Jenkins or consider loading the source files from source control only.

Prior to upgrading, administrators should audit the plugin classpath to make sure that it is accessible only to Jenkins code.

CVE-2023-30946

This may result in an information disclosure. Jenkins does not allow plugins to have access to the classpath. If a plugin attempts to load a Groovy source file on the classpath, it will be blocked and an error message will be displayed. The plugin developer should consider using a build system other than Jenkins or consider loading the source files from source control only.

Prior to upgrading, administrators should audit the plugin classpath to make sure that it is accessible only to Jenkins code.

Build and deployment configuration

Jenkins allows plugins to have access to the classpath. If a plugin attempts to load a Groovy source file on the classpath, it will be blocked and an error message will be displayed. The plugin developer should consider using a build system other than Jenkins or consider loading the source files from source control only.

CVE-2023-30948

This may result in arbitrary code execution. Jenkins does not allow plugins to have access to the classpath. If a plugin attempts to load a Groovy source file on the classpath, it will be blocked and an error message will be displayed. The plugin developer should consider using a build system other than Jenkins or consider loading the source files from source control only.

Prior to upgrading, administrators should audit the plugin classpath to make sure that it is accessible only to Jenkins code.

CVE-2021-30937

This may result in arbitrary code execution. This vulnerability is present in Jenkins versions 2.123 and 2.124.

Timeline

Published on: 05/17/2022 15:15:00 UTC
Last modified on: 05/26/2022 04:48:00 UTC

References