jenkins: File path filters do not canonicalize paths, allowing operations to follow symbolic links to outside allowed directories

A link following vulnerability was found in Jenkins. The file path filters do not canonicalize paths allowing operations to follow symbolic links to directories they are not supposed to have access to. This may allow an attacker to read and write arbitrary files on the Jenkins controller file...

jenkins: FilePath#unzip and FilePath#untar were not subject to any access control

An incorrect access control vulnerability was found in Jenkins. The FilePathunzip and FilePathuntar were not subjected to any access control. An attacker with access to FilePathunzip or FilePathuntar operations is able to read and write arbitrary files on the Jenkins controller file system...

jenkins: Agent processes are able to completely bypass file path filtering by wrapping the file operation in an agent file path

A file path filtering bypass vulnerability was found in Jenkins. Agent processes are able to completely bypass file path filtering by wrapping the file operation in an agent file path. This may allow an attacker who controls the agent process to get read and write access to arbitrary files on the...

jenkins: The operations FilePath#renameTo and FilePath#moveAllChildrenTo only check read permission on the source path

An incorrect permissions validation vulnerability was found in Jenkins. The operations FilePathrenameTo and FilePathmoveAllChildrenTo only check read permission on the source path which may allow an attacker who has access to these operations to be able to read and write to arbitrary files on the...

jenkins: FilePath#reading(FileVisitor) does not reject any operations allowing users to have unrestricted read access

An incorrect access restriction vulnerability was found in Jenkins. The FilePathreadingFileVisitor does not reject any operations giving users unrestricted read access with certain operations creating archives, copyRecursiveTo. This may allow an attacker to get access to restricted data...

RHEL 8 : OpenShift Container Platform 4.8.22 (RHSA-2021:4829)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:4829 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or privat...

jenkins: Agent processes are able to completely bypass file path filtering by wrapping the file operation in an agent file path

A file path filtering bypass vulnerability was found in Jenkins. Agent processes are able to completely bypass file path filtering by wrapping the file operation in an agent file path. This may allow an attacker who controls the agent process to get read and write access to arbitrary files on the...

jenkins: FilePath#toURI, FilePath#hasSymlink, FilePath#absolutize, FilePath#isDescendant, and FilePath#get*DiskSpace do not check any permissions

An incorrect permissions validation vulnerability was found in Jenkins. The FilePathtoURI, FilePathhasSymlink, FilePathabsolutize, FilePathisDescendant, and FilePathgetDiskSpace do not check any permissions, which may allow an attacker who has access to any of these operations to be able to read...

jenkins: FilePath#unzip and FilePath#untar were not subject to any access control

An incorrect access control vulnerability was found in Jenkins. The FilePathunzip and FilePathuntar were not subjected to any access control. An attacker with access to FilePathunzip or FilePathuntar operations is able to read and write arbitrary files on the Jenkins controller file system...

jenkins: The operations FilePath#renameTo and FilePath#moveAllChildrenTo only check read permission on the source path

An incorrect permissions validation vulnerability was found in Jenkins. The operations FilePathrenameTo and FilePathmoveAllChildrenTo only check read permission on the source path which may allow an attacker who has access to these operations to be able to read and write to arbitrary files on the...

jenkins: FilePath#mkdirs does not check permission to create parent directories

An incorrect permissions validation vulnerability was found in Jenkins. The FilePathmkdirs does not check permission to create parent directories, which may allow an attacker who controls the agent process to get read and write arbitrary files on the Jenkins controller file system...

jenkins: Agent-to-controller access control allowed writing to sensitive directory used by Pipeline: Shared Groovy Libraries Plugin

An incorrect permissions validation vulnerability was found in Jenkins. An agent process read/write access to the libs/ directory inside build directories when using the FilePath APIs is not limited. This allows attackers in control of agent processes to replace the code of a trusted library with...

jenkins: Agent-to-controller access control allowed writing to sensitive directory used by Pipeline: Shared Groovy Libraries Plugin

An incorrect permissions validation vulnerability was found in Jenkins. An agent process read/write access to the libs/ directory inside build directories when using the FilePath APIs is not limited. This allows attackers in control of agent processes to replace the code of a trusted library with...

jenkins: Agent processes are able to completely bypass file path filtering by wrapping the file operation in an agent file path

A file path filtering bypass vulnerability was found in Jenkins. Agent processes are able to completely bypass file path filtering by wrapping the file operation in an agent file path. This may allow an attacker who controls the agent process to get read and write access to arbitrary files on the...

jenkins: File path filters do not canonicalize paths, allowing operations to follow symbolic links to outside allowed directories

A link following vulnerability was found in Jenkins. The file path filters do not canonicalize paths allowing operations to follow symbolic links to directories they are not supposed to have access to. This may allow an attacker to read and write arbitrary files on the Jenkins controller file...

jenkins: FilePath#toURI, FilePath#hasSymlink, FilePath#absolutize, FilePath#isDescendant, and FilePath#get*DiskSpace do not check any permissions

An incorrect permissions validation vulnerability was found in Jenkins. The FilePathtoURI, FilePathhasSymlink, FilePathabsolutize, FilePathisDescendant, and FilePathgetDiskSpace do not check any permissions, which may allow an attacker who has access to any of these operations to be able to read...

jenkins: FilePath#unzip and FilePath#untar were not subject to any access control

An incorrect access control vulnerability was found in Jenkins. The FilePathunzip and FilePathuntar were not subjected to any access control. An attacker with access to FilePathunzip or FilePathuntar operations is able to read and write arbitrary files on the Jenkins controller file system...

jenkins: The operations FilePath#renameTo and FilePath#moveAllChildrenTo only check read permission on the source path

An incorrect permissions validation vulnerability was found in Jenkins. The operations FilePathrenameTo and FilePathmoveAllChildrenTo only check read permission on the source path which may allow an attacker who has access to these operations to be able to read and write to arbitrary files on the...

Whispers - Identify Hardcoded Secrets In Static Structured Text

"My little birds are everywhere, even in the North, they whisper to me the strangest stories." - Lord Varys Whispers is a static code analysis tool designed for parsing various common data formats in search of hardcoded credentials and dangerous functions. Whispers can run in the CLI or you can...

CVE-2021-22028

In versions of Greenplum database prior to 5.28.6 and 6.14.0, greenplum database contains a file path traversal vulnerability leading to information disclosure from the file system. A malicious user can read/write information from the file system using this vulnerability...