CVE-2021-21687
Jenkins 2.318 and earlier, LTS 2.303.2 and earlier does not check agent-to-controller access to create symbolic links when unarchiving a symbolic link in FilePath#untar. Devamını Oku
Devamını oku
CVE-2021-21686 (jenkins)
File path filters in the agent-to-controller security subsystem of Jenkins 2.318 and earlier, LTS 2.303.2 and earlier do not canonicalize paths, allowing operations to follow symbolic links to outside allowed directories. Devamını Oku
CVE-2021-21686
File path filters in the agent-to-controller security subsystem of Jenkins 2.318 and earlier, LTS 2.303.2 and earlier do not canonicalize paths, allowing operations to follow symbolic links to outside allowed directories. Devamını Oku
CVE-2021-21685 (jenkins)
Jenkins 2.318 and earlier, LTS 2.303.2 and earlier does not check agent-to-controller access to create parent directories in FilePath#mkdirs. Devamını Oku
CVE-2021-21685
Jenkins 2.318 and earlier, LTS 2.303.2 and earlier does not check agent-to-controller access to create parent directories in FilePath#mkdirs. Devamını Oku
CVE-2021-21684
Jenkins Git Plugin 4.8.2 and earlier does not escape the Git SHA-1 checksum parameters provided to commit notifications when displaying them in a build cause, resulting in a stored cross-site scripting (XSS) vulnerability. Devamını Oku
CVE-2021-21683
The file browser in Jenkins 2.314 and earlier, LTS 2.303.1 and earlier may interpret some paths to files as absolute on Windows, resulting in a path traversal vulnerability allowing attackers with Overall/Read permission (Windows controller) or Job/Workspace permission (Windows agents) to obtain the contents of arbitrary files. Devamını Oku
CVE-2021-21682
Jenkins 2.314 and earlier, LTS 2.303.1 and earlier accepts names of jobs and other entities with a trailing dot character, potentially replacing the configuration and data of other entities on Windows. Devamını Oku
CVE-2021-21681
Jenkins Nomad Plugin 0.7.4 and earlier stores Docker passwords unencrypted in the global config.xml file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system. Devamını Oku
CVE-2021-21680
Jenkins Nested View Plugin 1.20 and earlier does not configure its XML transformer to prevent XML external entity (XXE) attacks. Devamını Oku
CVE-2021-21679
Jenkins Azure AD Plugin 179.vf6841393099e and earlier allows attackers to craft URLs that would bypass the CSRF protection of any target URL in Jenkins. Devamını Oku
CVE-2021-21678
Jenkins SAML Plugin 2.0.7 and earlier allows attackers to craft URLs that would bypass the CSRF protection of any target URL in Jenkins. Devamını Oku