org.jenkins-ci.plugins.workflow:workflow-multibranch

Maven2 known CVEs affecting this package

Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.

CVEs affecting org.jenkins-ci.plugins.workflow:workflow-multibranchpage 1 of 1

CVE-2022-25175HIGHCVSS 8.8EG 8.8✓ Fixed in 707.v71c3f0a_6ccdb
2022-02-15
vulnerable: 1.11 ... 706.vd43c65dec013 (57 versions)
Jenkins Pipeline: Multibranch Plugin 706.vd43c65dec013 and earlier uses the same checkout directories for distinct SCMs for the readTrusted step, allowing attackers with Item/Configure permission to invoke arbitrary OS commands on the cont…
CVE-2022-25179MEDIUMCVSS 6.5EG 6.5✓ Fixed in 707.v71c3f0a
2022-02-15
vulnerable: 706.vd43c65dec013
Jenkins Pipeline: Multibranch Plugin 706.vd43c65dec013 and earlier follows symbolic links to locations outside of the checkout directory for the configured SCM when reading files using the readTrusted step, allowing attackers able to confi…

Check whether org.jenkins-ci.plugins.workflow:workflow-multibranch is used in your infrastructure

EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for org.jenkins-ci.plugins.workflow:workflow-multibranch CVEs against the assets you own.

Start Free Scan →