CVE-2021-21697 | High | Yes | Arbitrary filesystem access | Agents are allowed some limited access to files on the Jenkins controller file system. The directories agents are allowed to access in Jenkins before 2.319...
CVE-2021-21696 | High | Yes | Sandbox escape | Jenkins before version 2.319 does not limit agent read/write access to the libs/ directory inside build directories when using the FilePath APIs. This...
CVE-2021-21695 | Critical | Yes | Arbitrary filesystem access | A security issue has been found in Jenkins before version 2.319. FilePath#listFiles lists files outside directories with agent read access when following...
CVE-2021-21694 | Critical | Yes | Arbitrary filesystem access | A security issue has been found in Jenkins before version 2.319. FilePath#toURI, FilePath#hasSymlink, FilePath#absolutize, FilePath#isDescendant, and...
CVE-2021-21693 | Critical | Yes | Arbitrary filesystem access | A security issue has been found in Jenkins before version 2.319. When creating temporary files, permission to create files is only checked after they’ve...
CVE-2021-21692 | Critical | Yes | Arbitrary filesystem access | A security issue has been found in Jenkins before version 2.319. The operations FilePath#renameTo and FilePath#moveAllChildrenTo only check read permission...
CVE-2021-21691 | Critical | Yes | Arbitrary filesystem access | A security issue has been found in Jenkins before version 2.319. Creating symbolic links is possible without the symlink permission. This allows agent...
CVE-2021-21690 | Critical | Yes | Arbitrary filesystem access | A security issue has been found in Jenkins before version 2.319. Agent processes are able to completely bypass file path filtering by wrapping the file...
CVE-2021-21689 | Critical | Yes | Arbitrary filesystem access | A security issue has been found in Jenkins before version 2.319. FilePath#unzip and FilePath#untar were not subject to any access control. This allows agent...
CVE-2021-21688 | Critical | Yes | Arbitrary filesystem access | A security issue has been found in Jenkins before version 2.319. FilePath#reading(FileVisitor) does not reject any operations, allowing users to have...
CVE-2021-21687 | Critical | Yes | Arbitrary filesystem access | A security issue has been found in Jenkins before version 2.319. FilePath#untar does not check permission to create symbolic links when unarchiving a...
CVE-2021-21686 | Critical | Yes | Arbitrary filesystem access | A security issue has been found in Jenkins before version 2.319. File path filters do not canonicalize paths, allowing operations to follow symbolic links...
CVE-2021-21685 | Critical | Yes | Arbitrary filesystem access | A security issue has been found in Jenkins before version 2.319. FilePath#mkdirs does not check permission to create parent directories. This allows agent...