CVE-2021-21688 log
| Source |
|
| Severity | Critical |
| Remote | Yes |
| Type | Arbitrary filesystem access |
| Description | A security issue has been found in Jenkins before version 2.319. FilePath#reading(FileVisitor) does not reject any operations, allowing users to have unrestricted read access using certain operations (creating archives, #copyRecursiveTo). This allows agent processes to read and write arbitrary files on the Jenkins controller file system, and obtain some information about Jenkins controller file systems. |
| Group | Package | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|---|
| AVG-2526 | jenkins | 2.318-1 | 2.319-1 | Critical | Fixed |
| Date | Advisory | Group | Package | Severity | Type |
|---|---|---|---|---|---|
| 05 Nov 2021 | ASA-202111-1 | AVG-2526 | jenkins | Critical | multiple issues |
| References |
|---|
https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455 |