VulnerableCode Package Details - pkg:maven/org.jenkins-ci.plugins.workflow/workflow-cps-global-lib@2.21.3

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:maven/org.jenkins-ci.plugins.workflow/workflow-cps-global-lib@2.21.3

purl	pkg:maven/org.jenkins-ci.plugins.workflow/workflow-cps-global-lib@2.21.3

Vulnerabilities affecting this package (0)

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerabilities fixed by this package (1)

Vulnerability	Summary	Aliases
VCID-k6wy-rwhv-ckd2	Incorrect Authorization Jenkins Pipeline: Shared Groovy Libraries Plugin 564.ve62a_4eb_b_e039 and earlier, except 2.21.3, allows attackers able to submit pull requests (or equivalent), but not able to commit directly to the configured SCM, to effectively change the Pipeline behavior by changing the definition of a dynamically retrieved library in their pull request, even if the Pipeline is configured to not trust them.	CVE-2022-29047 GHSA-hh6f-6fp5-gfpv

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-01T16:00:17.779034+00:00	GHSA Importer	Fixing	VCID-k6wy-rwhv-ckd2	https://github.com/advisories/GHSA-hh6f-6fp5-gfpv	38.0.0
2026-04-01T13:05:11.225355+00:00	GithubOSV Importer	Fixing	VCID-k6wy-rwhv-ckd2	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/04/GHSA-hh6f-6fp5-gfpv/GHSA-hh6f-6fp5-gfpv.json	38.0.0
2026-04-01T12:49:49.807344+00:00	GitLab Importer	Fixing	VCID-k6wy-rwhv-ckd2	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.jenkins-ci.plugins.workflow/workflow-cps-global-lib/CVE-2022-29047.yml	38.0.0