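Related vulnerability
Title:
Jenkins Pipeline: Multibranch Plugin OS command injection vulnerability
(CVE-2022-25175)
Description: Jenkins and Jenkins Plugin are both open-source products from Jenkins. Jenkins is an application: an open-source automation server that provides hundreds of plugins to support building, deploying and automating any project. Jenkins Plugin is an application. Jenkins Pipeline: Multibranch Plugin contains an OS command injection vulnerability, which stems from Multibranch Plugin 706.vd43c65dec013 and earlier using different checkout directories for each SCM in the readTrusted step, allowing those with I
Introduction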
# Pipeline: Multibranch
## Introduction
Enhances Pipeline plugin to handle branches better by automatically
grouping builds from different branches.
Automatically creates a new Jenkins job whenever a new branch is pushed
to a source code repository.
Other plugins can define various branch types, e.g. a Git branch, a
Subversion branch, a GitHub Pull Request etc.
See this blog post for more info:
<https://jenkins.io/blog/2015/12/03/pipeline-as-code-with-multibranch-workflows-in-jenkins/>
## Notes
To determine the branch being built, use the environment variable
`BRANCH_NAME`, e.g. `${env.BRANCH_NAME}`.
## Version History
See [the changelog](CHANGELOG.md).
File snapshot
[4.0K] /data/pocs/feee6d3cf7eb84ebda94b8cccda3505310dd40b5
├── [9.2K] CHANGELOG.md
├── [ 171] Jenkinsfile
├── [8.8K] pom.xml
├── [1.1K] README.md
└── [4.0K] src
    ├── [4.0K] main
    │   ├── [4.0K] java
    │   │   └── [4.0K] org
    │   │       └── [4.0K] jenkinsci
    │   │           └── [4.0K] plugins
    │   │               └── [4.0K] workflow
    │   │                   └── [4.0K] multibranch
    │   │                       ├── [3.7K] AbstractWorkflowBranchProjectFactory.java
    │   │                       ├── [3.4K] AbstractWorkflowMultiBranchProjectFactory.java
    │   │                       ├── [4.1K] BranchJobProperty.java
    │   │                       ├── [4.6K] DurabilityHintBranchProperty.java
    │   │                       ├── [ 10K] JobPropertyStep.java
    │   │                       ├── [1.1K] JobPropertyTrackerAction.java
    │   │                       ├── [ 12K] ReadTrustedStep.java
    │   │                       ├── [ 11K] ResolveScmStep.java
    │   │                       ├── [8.8K] SCMBinder.java
    │   │                       ├── [5.7K] SCMVar.java
    │   │                       ├── [4.2K] WorkflowBranchProjectFactory.java
    │   │                       ├── [3.4K] WorkflowMultiBranchProjectFactory.java
    │   │                       └── [9.1K] WorkflowMultiBranchProject.java
    │   ├── [4.0K] resources
    │   │   ├── [1.3K] index.jelly
    │   │   └── [4.0K] org
    │   │       └── [4.0K] jenkinsci
    │   │           └── [4.0K] plugins
    │   │               └── [4.0K] workflow
    │   │                   └── [4.0K] multibranch
    │   │                       ├── [4.0K] DurabilityHintBranchProperty
    │   │                       │   ├── [1.8K] config.jelly
    │   │                       │   └── [3.2K] help.html
    │   │                       ├── [4.0K] JobPropertyStep
    │   │                       │   ├── [1.3K] config.jelly
    │   │                       │   └── [ 320] help.html
    │   │                       ├── [ 387] Messages_fr.properties
    │   │                       ├── [ 304] Messages.properties
    │   │                       ├── [1.5K] Messages_zh_CN.properties
    │   │                       ├── [4.0K] ReadTrustedStep
    │   │                       │   ├── [1.3K] config.jelly
    │   │                       │   ├── [ 617] help.html
    │   │                       │   └── [ 200] help-path.html
    │   │                       ├── [4.0K] ResolveScmStep
    │   │                       │   ├── [1.8K] config.jelly
    │   │                       │   ├── [2.5K] help.html
    │   │                       │   ├── [1.2K] help-ignoreErrors.html
    │   │                       │   ├── [1.1K] help-source.html
    │   │                       │   └── [1.1K] help-targets.html
    │   │                       ├── [4.0K] SCMBinder
    │   │                       │   └── [1.2K] config.jelly
    │   │                       ├── [4.0K] SCMVar
    │   │                       │   └── [1.6K] help.jelly
    │   │                       ├── [4.0K] WorkflowBranchProjectFactory
    │   │                       │   ├── [1.3K] config.jelly
    │   │                       │   ├── [1.4K] getting-started.jelly
    │   │                       │   ├── [ 957] getting-started-links.jelly
    │   │                       │   └── [ 302] help-scriptPath.html
    │   │                       ├── [4.0K] WorkflowMultiBranchProject
    │   │                       │   └── [1.2K] newInstanceDetail.jelly
    │   │                       └── [4.0K] WorkflowMultiBranchProjectFactory
    │   │                           ├── [1.3K] config.jelly
    │   │                           ├── [1.4K] getting-started.jelly
    │   │                           ├── [ 958] getting-started-links.jelly
    │   │                           └── [ 302] help-scriptPath.html
    │   └── [4.0K] webapp
    │       └── [4.0K] images
    │           └── [ 80K] pipelinemultibranchproject.svg
    └── [4.0K] test
        ├── [4.0K] java
        │   └── [4.0K] org
        │       └── [4.0K] jenkinsci
        │           └── [4.0K] plugins
        │               └── [4.0K] workflow
        │                   └── [4.0K] multibranch
        │                       ├── [5.9K] DurabilityHintBranchPropertyWorkflowTest.java
        │                       ├── [4.4K] GitDirectorySCMNavigator.java
        │                       ├── [ 34K] JobPropertyStepTest.java
        │                       ├── [8.6K] NoTriggerBranchPropertyWorkflowTest.java
        │                       ├── [10.0K] ReadTrustedStepTest.java
        │                       ├── [7.0K] RepairBranchPropertyTest.java
        │                       ├── [8.1K] ReplayActionTest.java
        │                       ├── [5.4K] ResolveScmStepTest.java
        │                       ├── [ 15K] SCMBinderTest.java
        │                       ├── [7.0K] SCMVarTest.java
        │                       ├── [4.9K] WorkflowBranchProjectFactoryTest.java
        │                       ├── [9.8K] WorkflowMultiBranchProjectFactoryTest.java
        │                       └── [ 13K] WorkflowMultiBranchProjectTest.java
        └── [4.0K] resources
            └── [4.0K] org
                └── [4.0K] jenkinsci
                    └── [4.0K] plugins
                        └── [4.0K] workflow
                            └── [4.0K] multibranch
                                ├── [4.0K] GitDirectorySCMNavigator
                                │   └── [ 229] config.jelly
                                ├── [4.0K] JobPropertyStepTest
                                │   └── [6.0K] trackerPropertyUpgrade.zip
                                ├── [4.0K] RepairBranchPropertyTest
                                │   └── [ 33K] removedPropertyAtStartup.zip
                                └── [4.0K] WorkflowMultiBranchProjectTest
                                    └── [4.0K] OldSCM
                                        └── [ 85] config.jelly

43 directories, 62 files