{"id":"CVE-2022-30945","details":"Jenkins Pipeline: Groovy Plugin 2689.v434009a_31b_f1 and earlier allows loading any Groovy source files on the classpath of Jenkins and Jenkins plugins in sandboxed pipelines.","aliases":["GHSA-2xvx-rw9p-xgfc"],"modified":"2026-04-10T15:43:39.487419Z","published":"2022-05-17T15:15:08.647Z","references":[{"type":"ADVISORY","url":"http://www.openwall.com/lists/oss-security/2022/05/17/8"},{"type":"FIX","url":"https://www.jenkins.io/security/advisory/2022-05-17/#SECURITY-359"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/jenkinsci/workflow-cps-plugin","events":[{"introduced":"0"},{"fixed":"434009a31bf1ab2aae028c02fe2c4b41dd7c9af9"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"2689.v434009a_31b_f1"}]}}],"versions":["2633.v6baeedc13805","2640.v00e79c8113de","2644.v29a793dac95a","2646.v6ed3b5b01ff1","2648.va9433432b33c","2656.vf7a_e7b_75a_457","2659.v52d3de6044d0","2660.vb_c0412dc4e6d","2680.vf642ed4fa_d55","2682.va_473dcddc941","2683.vd0a_8f6a_1c263","2686.v7c37e0578401","2687.v3f09155513c1","2688.v39a_b_e5c49a_65","workflow-cps-2.0","workflow-cps-2.1","workflow-cps-2.10","workflow-cps-2.11","workflow-cps-2.12","workflow-cps-2.13","workflow-cps-2.14","workflow-cps-2.15","workflow-cps-2.16","workflow-cps-2.17","workflow-cps-2.18","workflow-cps-2.19","workflow-cps-2.2","workflow-cps-2.20","workflow-cps-2.21","workflow-cps-2.22","workflow-cps-2.23","workflow-cps-2.24","workflow-cps-2.25","workflow-cps-2.26","workflow-cps-2.27","workflow-cps-2.28","workflow-cps-2.29","workflow-cps-2.3","workflow-cps-2.30","workflow-cps-2.31","workflow-cps-2.32","workflow-cps-2.33","workflow-cps-2.34","workflow-cps-2.35","workflow-cps-2.36","workflow-cps-2.39","workflow-cps-2.4","workflow-cps-2.40","workflow-cps-2.41","workflow-cps-2.42","workflow-cps-2.43","workflow-cps-2.44","workflow-cps-2.45","workflow-cps-2.46","workflow-cps-2.47","workflow-cps-2.48","workflow-cps-2.49","workflow-cps-2.5","workflow-cps-2.50","workflow-cps-2.51","workflow-cps-2.52","workflow-cps-2.53","workflow-cps-2.54","workflow-cps-2.55","workflow-cps-2.56","workflow-cps-2.57","workflow-cps-2.58","workflow-cps-2.58-beta-1","workflow-cps-2.59","workflow-cps-2.6","workflow-cps-2.60","workflow-cps-2.61","workflow-cps-2.62","workflow-cps-2.63","workflow-cps-2.64","workflow-cps-2.65","workflow-cps-2.66","workflow-cps-2.67","workflow-cps-2.68","workflow-cps-2.69","workflow-cps-2.7","workflow-cps-2.70","workflow-cps-2.71","workflow-cps-2.72","workflow-cps-2.73","workflow-cps-2.74","workflow-cps-2.75","workflow-cps-2.76","workflow-cps-2.77","workflow-cps-2.78","workflow-cps-2.79","workflow-cps-2.8","workflow-cps-2.80","workflow-cps-2.81","workflow-cps-2.82","workflow-cps-2.83","workflow-cps-2.84","workflow-cps-2.85","workflow-cps-2.86","workflow-cps-2.87","workflow-cps-2.88","workflow-cps-2.89","workflow-cps-2.9","workflow-cps-2.90","workflow-cps-2.91","workflow-cps-2.92","workflow-cps-2.93","workflow-cps-2.94"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-30945.json","vanir_signatures_modified":"2026-04-10T15:43:39Z","vanir_signatures":[{"signature_version":"v1","deprecated":false,"digest":{"line_hashes":["19808702222069825966388408905846565132","191113629411866929203285405663844993334","120995463284699761451709982309751934238","81023933825688544246935418987105736366","304866683468154360126256303675013976374","139090592171800285111575499990465380468","54297006033284316805100916530263813833","81727139158803856659466349216896137499"],"threshold":0.9},"source":"https://github.com/jenkinsci/workflow-cps-plugin/commit/434009a31bf1ab2aae028c02fe2c4b41dd7c9af9","id":"CVE-2022-30945-a5d6c71a","signature_type":"Line","target":{"file":"src/main/java/org/jenkinsci/plugins/workflow/cps/CpsFlowExecution.java"}},{"signature_version":"v1","deprecated":false,"digest":{"function_hash":"278582366955573309991294442338374588963","length":182},"source":"https://github.com/jenkinsci/workflow-cps-plugin/commit/434009a31bf1ab2aae028c02fe2c4b41dd7c9af9","id":"CVE-2022-30945-e5a5bb62","signature_type":"Function","target":{"file":"src/main/java/org/jenkinsci/plugins/workflow/cps/CpsFlowExecution.java","function":"close"}}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H"}]}