漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
N/A
Vulnerability Description
Jenkins Pipeline: Groovy Plugin 2648.va9433432b33c and earlier follows symbolic links to locations outside of the checkout directory for the configured SCM when reading the script file (typically Jenkinsfile) for Pipelines, allowing attackers able to configure Pipelines to read arbitrary files on the Jenkins controller file system.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Jenkins Pipeline 后置链接漏洞
Vulnerability Description
Jenkins Pipeline是一套插件,支持将持续交付管道实施和集成到 Jenkins 中。 Jenkins Pipeline Groovy Plugin 存在后置链接漏洞,该漏洞源于Jenkins管道Groovy Plugin 2648.va9433432b33c和更早的版本在读取pipelinux的脚本文件(通常是Jenkinsfile)时,使用符号链接指向配置SCM的签出目录之外的位置。攻击者可利用该漏洞配置pipelinux来读取Jenkins控制器文件系统上的任意文件。
CVSS Information
N/A
Vulnerability Type
N/A