
We found results for “”
CVE-2025-31722
Good to know:

Date: April 2, 2025
In Jenkins Templating Engine Plugin 2.5.3 and earlier, libraries defined in folders are not subject to sandbox protection, allowing attackers with Item/Configure permission to execute arbitrary code in the context of the Jenkins controller JVM.
Severity Score
Related Resources (5)
Severity Score
Weakness Type (CWE)
Improper Control of Generation of Code ('Code Injection')
CWE-94Top Fix

Upgrade Version
Upgrade to version org.jenkins-ci.plugins:templating-engine:2.5.4;org.jenkins-ci.plugins:templating-engine:2.5.4;https://github.com/jenkinsci/templating-engine-plugin.git - 2.5.4
CVSS v3.1
Base Score: |
|
---|---|
Attack Vector (AV): | NETWORK |
Attack Complexity (AC): | LOW |
Privileges Required (PR): | LOW |
User Interaction (UI): | NONE |
Scope (S): | UNCHANGED |
Confidentiality (C): | HIGH |
Integrity (I): | HIGH |
Availability (A): | HIGH |