Lucene search
GoogleOSV:GHSA-Q58J-FHJ7-J6FGHistoryMay 24, 2022 - 7:19 p.m.
Path traversal vulnerability in Jenkins Subversion Plugin allows reading arbitrary files
2022-05-2419:19:43
Google
osv.dev
6
jenkins
subversion plugin
path traversal
EPSS
0.004
Percentile
72.7%
Subversion Plugin 2.15.0 and earlier does not restrict the name of a file when looking up a subversion key file on the controller from an agent.
This allows attackers able to control agent processes to read arbitrary files on the Jenkins controller file system.
Subversion Plugin 2.15.1 checks for the presence of and prohibits directory separator characters as part of the file name, restricting it to the intended directory.
Related
osv
osv
CVE-2021-21698
2021-11-04 17:15:08
prion
prion
Code injection
2021-11-04 17:15:00
cvelist
cvelist
CVE-2021-21698
2021-11-04 16:30:44
redhatcve
redhatcve
CVE-2021-21698
2021-11-04 18:56:22
veracode
veracode
Information Disclosure
2021-12-08 00:41:06
nvd
nvd
CVE-2021-21698
2021-11-04 17:15:08
cnvd
cnvd
Jenkins Subversion Plugin Path Traversal Vulnerability
2021-11-06 00:00:00
cve
cve
CVE-2021-21698
2021-11-04 17:15:08
github
github
redhat
redhat
nessus
nessus
FreeBSD : jenkins -- multiple vulnerabilities (2bf56269-90f8-4a82-b82f-c0e289f2a0dc)
2021-11-05 00:00:00
RHEL 8 : OpenShift Container Platform 4.7.38 (RHSA-2021:4801)
2021-12-02 00:00:00
Jenkins LTS < 2.303.3 / Jenkins weekly < 2.319 Multiple Vulnerabilities
2021-11-04 00:00:00
freebsd
freebsd
jenkins -- multiple vulnerabilities
2021-11-04 00:00:00