漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
N/A
Vulnerability Description
Jenkins Pipeline: Shared Groovy Libraries Plugin 552.vd9cc05b8a2e1 and earlier follows symbolic links to locations outside of the expected Pipeline library when reading files using the libraryResource step, allowing attackers able to configure Pipelines to read arbitrary files on the Jenkins controller file system.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Jenkins Pipeline 后置链接漏洞
Vulnerability Description
Jenkins Pipeline是一套插件,支持将持续交付管道实施和集成到 Jenkins 中。 Jenkins Pipeline Shared Groovy Libraries Plugin 存在后置链接漏洞,该漏洞源于Jenkins Pipeline 共享Groovy库插件552.vd9cc05b8a2e1和更早的版本没有限制传递给libraryResource步骤的资源名。攻击者可利用该漏洞能够配置管道权限来读取Jenkins控制器文件系统上的任意文件。
CVSS Information
N/A
Vulnerability Type
N/A