465 matches found
CVE-2021-21689
An incorrect access control vulnerability was found in Jenkins. The FilePathunzip and FilePathuntar were not subjected to any access control. An attacker with access to FilePathunzip or FilePathuntar operations is able to read and write arbitrary files on the Jenkins controller file system...
CVE-2021-21696
Jenkins 2.318 and earlier, LTS 2.303.2 and earlier does not limit agent read/write access to the libs/ directory inside build directories when using the FilePath APIs, allowing attackers in control of agent processes to replace the code of a trusted library with a modified variant. This results i...
CVE-2021-21694
FilePathtoURI, FilePathhasSymlink, FilePathabsolutize, FilePathisDescendant, and FilePathgetDiskSpace do not check any permissions in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier...
CVE-2021-21692
FilePathrenameTo and FilePathmoveAllChildrenTo in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier only check 'read' agent-to-controller access permission on the source path, instead of 'delete'...
CVE-2021-21688
The agent-to-controller security check FilePathreadingFileVisitor in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier does not reject any operations, allowing users to have unrestricted read access using certain operations creating archives, FilePathcopyRecursiveTo...
CVE-2021-21685
Jenkins 2.318 and earlier, LTS 2.303.2 and earlier does not check agent-to-controller access to create parent directories in FilePathmkdirs...
PT-2021-5428 · Jenkins · Jenkins
Name of the Vulnerable Software and Affected Versions: Jenkins versions 2.318 and earlier Jenkins LTS versions 2.303.2 and earlier Description: The issue is related to the absence of an authorization procedure in the Jenkins automation server. This can allow a remote attacker to impact the...
PT-2021-14728 · Jenkins · Jenkins
Name of the Vulnerable Software and Affected Versions: Jenkins versions 2.318 and earlier Jenkins LTS versions 2.303.2 and earlier Description: The issue concerns the creation of symbolic links when unarchiving a symbolic link in FilePathuntar. Specifically, it does not check agent-to-controller...
Jenkins 安全漏洞
Jenkins is a Jenkins open source application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins has a security vulnerability that stems from Jenkins 2.318 and earlier, LTS 2.303.2 and earlier in FilePath untar...
Jenkins 后置链接漏洞
Jenkins is a Jenkins open source application. An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins suffers from a security vulnerability that stems from FilePath listFiles listing symbolic links in Jenkins 2.318 a...
Jenkins 安全漏洞
Jenkins is a Jenkins open source application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying and automating any project. A security vulnerability exists in Jenkins that stems from an agent-to-controller security check FilePathreadingFileVisit...
PT-2021-4993 · Jenkins · Remoting Security Workaround Plugin +2
Name of the Vulnerable Software and Affected Versions: Jenkins versions 2.318 and earlier, LTS versions 2.303.2 and earlier Description: The issue is related to the implementation of the FilePath API in the Jenkins automation server, which does not limit agent read/write access to the libs/...
GHSA-4QWQ-Q4PR-RR7R Vulnerability in packageCmd function leads to arbitrary code execution via filePath parameters
aaptjs is a node wraper for aapt. An issue was discovered in the packageCmd function in shenzhim aaptjs 1.3.1, allows attackers to execute arbitrary code via the filePath parameters...
Vulnerability in packageCmd function leads to arbitrary code execution via filePath parameters
aaptjs is a node wraper for aapt. An issue was discovered in the packageCmd function in shenzhim aaptjs 1.3.1, allows attackers to execute arbitrary code via the filePath parameters...
Vulnerability in remove function leads to arbitrary code execution via filePath parameters
Aaptjs is a node wraper for aapt. An issue was discovered in the remove function in shenzhim aaptjs 1.3.1, allows attackers to execute arbitrary code via the filePath parameters...
Vulnerability in dump function leads to arbitrary code execution via filePath parameters
aaptjs is a node wraper for aapt. An issue was discovered in the dump function in shenzhim aaptjs 1.3.1, allows attackers to execute arbitrary code via the filePath parameters...
GHSA-R496-7HGP-53WF Vulnerability in dump function leads to arbitrary code execution via filePath parameters
aaptjs is a node wraper for aapt. An issue was discovered in the dump function in shenzhim aaptjs 1.3.1, allows attackers to execute arbitrary code via the filePath parameters...
GHSA-4G7X-7VGQ-3J28 Vulnerability in list function leads to arbitrary code execution via filePath parameters
aaptjs is a node wraper for aapt. An issue was discovered in the list function in shenzhim aaptjs 1.3.1, allows attackers to execute arbitrary code via the filePath parameters...
Vulnerability in list function leads to arbitrary code execution via filePath parameters
aaptjs is a node wraper for aapt. An issue was discovered in the list function in shenzhim aaptjs 1.3.1, allows attackers to execute arbitrary code via the filePath parameters...
GHSA-7FW7-GH23-F832 Vulnerability in singleCrunch function leads to arbitrary code execution via filePath parameters
aaptjs is a node wraper for aapt. An issue was discovered in the singleCrunch function in shenzhim aaptjs 1.3.1, allows attackers to execute arbitrary code via the filePath parameters...