PT-2022-20399 · Jenkins · Jenkins Pipeline: Groovy Plugin

Jesse Glick · Published 2022-05-17 · Updated 2023-12-21 · CVE-2022-30945

CVSS v3.1: 8.5 (High)

Vector: AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Jenkins Pipeline: Groovy Plugin versions 2689.v434009a_31b_f1 and earlier

Description

The issue allows loading any Groovy source files on the classpath of Jenkins and Jenkins plugins in sandboxed pipelines. This could potentially be used to bypass sandbox protections if a suitable Groovy source file is available. The severity of this issue is considered High due to the potential impact, but successful exploitation is considered very unlikely. The estimated number of potentially affected devices is not provided.

Recommendations

For Jenkins Pipeline: Groovy Plugin versions 2689.v434009a_31b_f1 and earlier, update to version 2692.v76b_089ccd026 or later, which restricts which Groovy source files can be loaded in Pipelines. As a temporary workaround, consider restricting access to Groovy source files on the classpath of Jenkins to minimize the risk of exploitation. If necessary, plugins can add specific Groovy source files to the allowlist using the new extension point org.jenkinsci.plugins.workflow.cps.GroovySourceFileAllowlist.

Fix

Unrestricted File Upload

Files Accessible to External Parties

Weakness Enumeration

Related Identifiers

CVE-2022-30945
GHSA-2XVX-RW9P-XGFC
RHSA-2023:0017

Affected Products

Jenkins
Jenkins Pipeline: Groovy Plugin