516 matches found
CVE-2021-21683
The file browser in Jenkins 2.314 and earlier, LTS 2.303.1 and earlier may interpret some paths to files as absolute on Windows, resulting in a path traversal vulnerability allowing attackers with Overall/Read permission (Windows controller) or Job/Workspace permission (Windows agents) to obtain the...
PT-2021-14726 · Jenkins · Jenkins
Name of the Vulnerable Software and Affected Versions: Jenkins versions 2.314 and earlier; Jenkins LTS versions 2.303.1 and earlier. Description: The file browser in Jenkins may interpret some paths to files as absolute on Windows, resulting in a path traversal issue. This allows attackers with...
Improper Input Validation in filebrowser/filebrowser
Description: File Browser is a web interface that allows you to manage and navigate through your files in a web browser. One of its features is to allow a user to run specific shell commands on the server; these commands are specified by users with administrator privileges, with an allow list. Thi...
FileBrowser Cross-Site Scripting Vulnerability
FileBrowser is an open source web file browser. It provides a file management interface in a specified directory and can be used to upload, delete, preview, rename and edit your files. FileBrowser suffers from a cross-site scripting vulnerability that is caused by improper validation of...
Race Condition
Jenkins is vulnerable to a race condition. This vulnerability exists due to a lack of validation of time-of-check to time-of-use, which allows an attacker to read arbitrary files using the file browser for workspaces and archived artifacts...
jenkins: Arbitrary file read vulnerability in workspace browsers
Jenkins 2.274 and earlier, LTS 2.263.1 and earlier allows reading arbitrary files using the file browser for workspaces and archived artifacts by following symlinks...
jenkins: Filesystem traversal by privileged users
Jenkins 2.275 and LTS 2.263.2 allows reading arbitrary files using the file browser for workspaces and archived artifacts due to a time-of-check to time-of-use (TOCTOU) race condition...
CVE-2021-21602
Jenkins 2.274 and earlier, LTS 2.263.1 and earlier allows reading arbitrary files using the file browser for workspaces and archived artifacts by following symlinks...
CVE-2021-21615
Jenkins 2.275 and LTS 2.263.2 allows reading arbitrary files using the file browser for workspaces and archived artifacts due to a time-of-check to time-of-use (TOCTOU) race condition...
Information Disclosure
Jenkins is vulnerable to information disclosure. The vulnerability allows any user to read arbitrary files using the file browser for workspaces and archived artifacts by following symlinks...
Code injection
Jenkins 2.274 and earlier, LTS 2.263.1 and earlier allows reading arbitrary files using the file browser for workspaces and archived artifacts by following symlinks...
PDW File Browser 1.3 - Remote Code Execution
Exploit Title: PDW File Browser 1.3 - Remote Code Execution Date: 24-10-2020 Exploit Author: David Bimmel Researchers: David Bimmel, Joost Vondeling, Ramòn Janssen Vendor Homepage: n/a Software Link: https://github.com/GuidoNeele/PDW-File-Browser Version: … ? Once you have uploaded your webshell...
PDW File Browser 1.3 Cross Site Scripting
Exploit Title: PDW File Browser . The payload gets executed when any authenticated user navigates to the PDW File browser page. POST /ckeditor/plugins/pdwfilebrowser/actions.php HTTP/1.1 Host: … action=rename&newfilename=&oldfilename=script%253EFILE.txt&folder=%252Fmedia%252F&type=file Reflected...
PDW File Browser 1.3 - 'new_filename' Cross-Site Scripting (XSS)
Exploit Title: PDW File Browser . The payload gets executed when any authenticated user navigates to the PDW File browser page. POST /ckeditor/plugins/pdwfilebrowser/actions.php HTTP/1.1 Host: … action=rename&newfilename=&oldfilename=script%253EFILE.txt&folder=%252Fmedia%252F&type=file Reflected...
Cross-Site Scripting (XSS)
file-browser is vulnerable to cross-site scripting (XSS). A remote attacker is able to inject and execute arbitrary JavaScript in a user's browser via the filenames...
Path traversal
Path Traversal in the file browser of DIMO YellowBox CRM before 6.3.4 allows a standard authenticated user to browse the server filesystem...