Lucene search

K
cvelistJenkinsCVELIST:CVE-2021-21602
HistoryJan 13, 2021 - 3:55 p.m.

CVE-2021-21602

2021-01-1315:55:27
jenkins
www.cve.org
6
jenkins
arbitrary files
file browser
symlinks
security vulnerability

AI Score

7.2

Confidence

High

EPSS

0.001

Percentile

28.4%

Jenkins 2.274 and earlier, LTS 2.263.1 and earlier allows reading arbitrary files using the file browser for workspaces and archived artifacts by following symlinks.

CNA Affected

[
  {
    "product": "Jenkins",
    "vendor": "Jenkins project",
    "versions": [
      {
        "lessThanOrEqual": "2.274",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      },
      {
        "lessThanOrEqual": "LTS 2.263.1",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

AI Score

7.2

Confidence

High

EPSS

0.001

Percentile

28.4%