org.jenkins-ci.plugins.workflow:workflow-cps (Maven) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the Maven package org.jenkins-ci.plugins.workflow:workflow-cps, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (13)
CVE-2022-43402 — CVSS 9.9 (critical): A sandbox bypass vulnerability involving various casts performed implicitly by the Groovy language runtime in Jenkins Pipeline: Groovy…
CVE-2022-43404 — CVSS 9.9 (critical): A sandbox bypass vulnerability involving crafted constructor bodies and calls to sandbox-generated synthetic constructors in Jenkins Script…
CVE-2022-43401 — CVSS 9.9 (critical): A sandbox bypass vulnerability involving various casts performed implicitly by the Groovy language runtime in Jenkins Script Security…
CVE-2019-1003041 — CVSS 9.8 (critical): A sandbox bypass vulnerability in Jenkins Pipeline: Groovy Plugin 2.64 and earlier allows attackers to invoke arbitrary constructors in…
CVE-2020-2109 — CVSS 8.8 (high): Sandbox protection in Jenkins Pipeline: Groovy Plugin 2.78 and earlier can be circumvented through default parameter expressions in…
CVE-2022-25173 — CVSS 8.8 (high): Jenkins Pipeline: Groovy Plugin 2648.va9433432b33c and earlier uses the same checkout directories for distinct SCMs when reading the script…
CVE-2017-1000096 — CVSS 8.8 (high): Arbitrary code execution due to incomplete sandbox protection: Constructors, instance variable initializers, and instance initializers in…
CVE-2018-1000866 — CVSS 8.8 (high): A sandbox bypass vulnerability exists in Pipeline: Groovy Plugin 2.59 and earlier in groovy-sandbox/src/main/java/org/kohsuke/groovy/sandbox…
CVE-2022-30945 — CVSS 8.5 (high): Jenkins Pipeline: Groovy Plugin 2689.v434009a_31b_f1 and earlier allows loading any Groovy source files on the classpath of Jenkins and…
CVE-2024-52550 — CVSS 8.0 (high): Jenkins Pipeline: Groovy Plugin 3990.vd281dd77a_388 and earlier, except 3975.3977.v478dd9e956c3 does not check whether the main…
CVE-2022-25176 — CVSS 6.5 (medium): Jenkins Pipeline: Groovy Plugin 2648.va9433432b33c and earlier follows symbolic links to locations outside of the checkout directory for…
CVE-2022-25180 — CVSS 4.3 (medium): Jenkins Pipeline: Groovy Plugin 2648.va9433432b33c and earlier includes password parameters from the original build in replayed builds…