Publish GHSA-7rcw-fwfh-2h2g

advisories/unreviewed/2022/02/GHSA-7rcw-fwfh-2h2g/GHSA-7rcw-fwfh-2h2g.json

@@ -0,0 +1,33 @@
+{
+  "schema_version": "1.2.0",
+  "id": "GHSA-7rcw-fwfh-2h2g",
+  "modified": "2022-02-16T00:01:31Z",
+  "published": "2022-02-16T00:01:31Z",
+  "aliases": [
+    "CVE-2022-25182"
+  ],
+  "details": "A sandbox bypass vulnerability in Jenkins Pipeline: Shared Groovy Libraries Plugin 552.vd9cc05b8a2e1 and earlier allows attackers with Item/Configure permission to execute arbitrary code on the Jenkins controller JVM using specially crafted library names if a global Pipeline library is already configured.",
+  "severity": [
+
+  ],
+  "affected": [
+
+  ],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25182"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.jenkins.io/security/advisory/2022-02-15/#SECURITY-2422"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+
+    ],
+    "severity": null,
+    "github_reviewed": false
+  }
+}