ghsa-4vjp-327p-w4qv
Vulnerability from github
Published
2025-04-02 15:31
Modified
2025-04-02 22:39
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Jenkins Templating Engine Plugin Vulnerable to Arbitrary Code Execution
Details

Jenkins Templating Engine Plugin allows defining libraries both in the global configuration, as well as scoped to folders containing the pipelines using them. While libraries in the global configuration can only be set up by administrators and can therefore be trusted, libraries defined in folders can be configured by users with Item/Configure permission.

In Templating Engine Plugin 2.5.3 and earlier, libraries defined in folders are not subject to sandbox protection. This vulnerability allows attackers with Item/Configure permission to execute arbitrary code in the context of the Jenkins controller JVM.

In Templating Engine Plugin 2.5.4, libraries defined in folders are subject to sandbox protection.

Show details on source website

To clipboard 

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.jenkins-ci.plugins:templating-engine"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.5.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2025-31722"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-94"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-04-02T22:39:27Z",
    "nvd_published_at": "2025-04-02T15:15:59Z",
    "severity": "HIGH"
  },
  "details": "Jenkins Templating Engine Plugin allows defining libraries both in the global configuration, as well as scoped to folders containing the pipelines using them. While libraries in the global configuration can only be set up by administrators and can therefore be trusted, libraries defined in folders can be configured by users with Item/Configure permission.\n\nIn Templating Engine Plugin 2.5.3 and earlier, libraries defined in folders are not subject to sandbox protection. This vulnerability allows attackers with Item/Configure permission to execute arbitrary code in the context of the Jenkins controller JVM.\n\nIn Templating Engine Plugin 2.5.4, libraries defined in folders are subject to sandbox protection.",
  "id": "GHSA-4vjp-327p-w4qv",
  "modified": "2025-04-02T22:39:27Z",
  "published": "2025-04-02T15:31:38Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-31722"
    },
    {
      "type": "WEB",
      "url": "https://github.com/jenkinsci/templating-engine-plugin/commit/bb2b4468b3bf4cea494afb8549af4e6450972653"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/jenkinsci/templating-engine-plugin"
    },
    {
      "type": "WEB",
      "url": "https://www.jenkins.io/security/advisory/2025-04-02/#SECURITY-3505"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Jenkins Templating Engine Plugin Vulnerable to Arbitrary Code Execution"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.