CVE-2021-21687 - log back

CVE-2021-21687 edited at 04 Nov 2021 14:36:24
Severity
- Unknown
+ Critical
Remote
- Unknown
+ Remote
Type
- Unknown
+ Arbitrary filesystem access
Description
+ A security issue has been found in Jenkins before version 2.319. FilePath#untar does not check permission to create symbolic links when unarchiving a symbolic link. This allows agent processes to read and write arbitrary files on the Jenkins controller file system, and obtain some information about Jenkins controller file systems.
References
+ https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455
CVE-2021-21687 created at 04 Nov 2021 14:30:58