CVE-2021-21688 - log

CVE-2021-21688 edited at 04 Nov 2021 14:36:46
Severity
- Unknown
+ Critical
Remote
- Unknown
+ Remote
Type
- Unknown
+ Arbitrary filesystem access
Description
+ A security issue has been found in Jenkins before version 2.319. FilePath#reading(FileVisitor) does not reject any operations, allowing users to have unrestricted read access using certain operations (creating archives, #copyRecursiveTo). This allows agent processes to read and write arbitrary files on the Jenkins controller file system, and obtain some information about Jenkins controller file systems.
References
+ https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455
CVE-2021-21688 created at 04 Nov 2021 14:30:58