Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:maven/org.jenkins-ci.plugins.workflow/workflow-cps-global-lib@552.vd9cc05b8a2e1
purl pkg:maven/org.jenkins-ci.plugins.workflow/workflow-cps-global-lib@552.vd9cc05b8a2e1
Next non-vulnerable version 561.va
Latest non-vulnerable version 588.v576c103a_ff86
Risk 4.0
Vulnerabilities affecting this package (6)
Vulnerability Summary Fixed by
VCID-3vqh-anad-xqbt
Aliases:
CVE-2022-25182
GHSA-7rcw-fwfh-2h2g
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') A sandbox bypass vulnerability in Jenkins Pipeline: Shared Groovy Libraries Plugin 552.vd9cc05b8a2e1 and earlier allows attackers with Item/Configure permission to execute arbitrary code on the Jenkins controller JVM using specially crafted library names if a global Pipeline library is already configured.
561.va_ce0de3c2d69
Affected by 0 other vulnerabilities.
VCID-a8d9-5365-qubn
Aliases:
CVE-2022-25174
GHSA-g9fx-6j5c-grmw
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') Jenkins Pipeline: Shared Groovy Libraries Plugin 552.vd9cc05b8a2e1 and earlier uses the same checkout directories for distinct SCMs for Pipeline libraries, allowing attackers with Item/Configure permission to invoke arbitrary OS commands on the controller through crafted SCM contents.
561.va
Affected by 0 other vulnerabilities.
561.va_ce0de3c2d69
Affected by 0 other vulnerabilities.
VCID-chux-mqkp-cfe5
Aliases:
CVE-2022-25178
GHSA-5hfv-mg5x-mv32
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Jenkins Pipeline: Shared Groovy Libraries Plugin 552.vd9cc05b8a2e1 and earlier does not restrict the names of resources passed to the libraryResource step, allowing attackers able to configure Pipelines permission to read arbitrary files on the Jenkins controller file system.
561.va_ce0de3c2d69
Affected by 0 other vulnerabilities.
VCID-gv26-67cj-t3ae
Aliases:
CVE-2022-25183
GHSA-pfwp-q984-w7wh
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') Jenkins Pipeline: Shared Groovy Libraries Plugin 552.vd9cc05b8a2e1 and earlier uses the names of Pipeline libraries to create cache directories without any sanitization, allowing attackers with Item/Configure permission to execute arbitrary code in the context of the Jenkins controller JVM using specially crafted library names if a global Pipeline library configured to use caching already exists.
561.va_ce0de3c2d69
Affected by 0 other vulnerabilities.
VCID-msed-m3xv-rkfg
Aliases:
CVE-2022-25177
GHSA-q234-x887-9rxh
Improper Link Resolution Before File Access ('Link Following') Jenkins Pipeline: Shared Groovy Libraries Plugin 552.vd9cc05b8a2e1 and earlier follows symbolic links to locations outside of the expected Pipeline library when reading files using the libraryResource step, allowing attackers able to configure Pipelines to read arbitrary files on the Jenkins controller file system.
561.va_ce0de3c2d69
Affected by 0 other vulnerabilities.
VCID-s2j3-7pfj-buav
Aliases:
CVE-2022-25181
GHSA-7w2w-fwpf-9m4h
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') A sandbox bypass vulnerability in Jenkins Pipeline: Shared Groovy Libraries Plugin 552.vd9cc05b8a2e1 and earlier allows attackers with Item/Configure permission to execute arbitrary code in the context of the Jenkins controller JVM through crafted SCM contents, if a global Pipeline library already exists.
561.va_ce0de3c2d69
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-01T15:59:56.370150+00:00 GHSA Importer Affected by VCID-msed-m3xv-rkfg https://github.com/advisories/GHSA-q234-x887-9rxh 38.0.0
2026-04-01T15:59:56.090210+00:00 GHSA Importer Affected by VCID-chux-mqkp-cfe5 https://github.com/advisories/GHSA-5hfv-mg5x-mv32 38.0.0
2026-04-01T15:59:56.032333+00:00 GHSA Importer Affected by VCID-s2j3-7pfj-buav https://github.com/advisories/GHSA-7w2w-fwpf-9m4h 38.0.0
2026-04-01T15:59:55.978458+00:00 GHSA Importer Affected by VCID-3vqh-anad-xqbt https://github.com/advisories/GHSA-7rcw-fwfh-2h2g 38.0.0
2026-04-01T15:59:55.951506+00:00 GHSA Importer Affected by VCID-gv26-67cj-t3ae https://github.com/advisories/GHSA-pfwp-q984-w7wh 38.0.0
2026-04-01T12:49:35.029164+00:00 GitLab Importer Affected by VCID-gv26-67cj-t3ae https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.jenkins-ci.plugins.workflow/workflow-cps-global-lib/CVE-2022-25183.yml 38.0.0
2026-04-01T12:49:34.994009+00:00 GitLab Importer Affected by VCID-chux-mqkp-cfe5 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.jenkins-ci.plugins.workflow/workflow-cps-global-lib/CVE-2022-25178.yml 38.0.0
2026-04-01T12:49:34.831377+00:00 GitLab Importer Affected by VCID-s2j3-7pfj-buav https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.jenkins-ci.plugins.workflow/workflow-cps-global-lib/CVE-2022-25181.yml 38.0.0
2026-04-01T12:49:34.563420+00:00 GitLab Importer Affected by VCID-3vqh-anad-xqbt https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.jenkins-ci.plugins.workflow/workflow-cps-global-lib/CVE-2022-25182.yml 38.0.0
2026-04-01T12:49:34.454662+00:00 GitLab Importer Affected by VCID-msed-m3xv-rkfg https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.jenkins-ci.plugins.workflow/workflow-cps-global-lib/CVE-2022-25177.yml 38.0.0
2026-04-01T12:49:34.420166+00:00 GitLab Importer Affected by VCID-a8d9-5365-qubn https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.jenkins-ci.plugins.workflow/workflow-cps-global-lib/CVE-2022-25174.yml 38.0.0