Lucene search
K

11 matches found

OSV
OSV
added 2024/03/06 11:0 a.m.16 views

BIT-JENKINS-2021-21688

The agent-to-controller security check FilePathreadingFileVisitor in Jenkins LTS 2.303.2 and earlier does not reject any operations, allowing users to have unrestricted read access using certain operations creating archives, FilePathcopyRecursiveTo...

7.5CVSS8.2AI score0.01327EPSS
Exploits0References2
OSV
OSV
added 2024/03/06 11:0 a.m.18 views

BIT-JENKINS-2021-21689

FilePathunzip and FilePathuntar were not subject to any agent-to-controller access control in Jenkins LTS 2.303.2 and earlier...

9.1CVSS9.3AI score0.01416EPSS
Exploits0References2
OSV
OSV
added 2024/03/06 11:0 a.m.18 views

BIT-JENKINS-2021-21690

Agent processes are able to completely bypass file path filtering by wrapping the file operation in an agent file path in Jenkins LTS 2.303.2 and earlier...

9.8CVSS9.3AI score0.02451EPSS
Exploits0References2
OSV
OSV
added 2022/09/22 12:0 a.m.43 views

GHSA-F7FQ-WP2X-JC25 Jenkins WildFly Deployer Plugin vulnerable to path traversal

Jenkins WildFly Deployer Plugin 1.0.2 and earlier implements functionality that allows agent processes to read arbitrary files on the Jenkins controller file system. This vulnerability is only exploitable in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier. See the LTS upgrade guide...

6.5CVSS5.5AI score0.00578EPSS
Exploits0References3
OSV
OSV
added 2022/07/28 12:0 a.m.23 views

GHSA-57F2-52WJ-7VJ6 Agent-to-controller security bypass in Jenkins BMC Compuware ISPW Operations plugin

BMC Compuware ISPW Operations Plugin defines a controller/agent message that retrieves Java system properties. BMC Compuware ISPW Operations Plugin 1.0.8 and earlier does not restrict execution of the controller/agent message to agents. This allows attackers able to control agent processes to...

4.3CVSS8.2AI score0.0085EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2022/07/28 12:0 a.m.39 views

Agent-to-controller security bypass in Jenkins BMC Compuware ISPW Operations plugin

BMC Compuware ISPW Operations Plugin defines a controller/agent message that retrieves Java system properties. BMC Compuware ISPW Operations Plugin 1.0.8 and earlier does not restrict execution of the controller/agent message to agents. This allows attackers able to control agent processes to...

8.2CVSS7.9AI score0.0085EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/24 7:19 p.m.30 views

Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins

The agent-to-controller security subsystem limits which files on the Jenkins controller can be accessed by agent processes. Multiple vulnerabilities in the file path filtering implementation of Jenkins 2.318 and earlier, LTS 2.303.2 and earlier allow agent processes to read and write arbitrary...

9.1CVSS1AI score0.01342EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2022/03/16 12:0 a.m.18 views

GHSA-X3M3-G8W6-MF28 Agent-to-controller security bypass in Jenkins Semantic Versioning Plugin

Jenkins Semantic Versioning Plugin defines a controller/agent message that processes a given file as XML and returns version information. The XML parser is not configured to prevent XML external entity XXE attacks, which is only a problem if XML documents are parsed on the Jenkins controller...

7.1CVSS6.6AI score0.01314EPSS
Exploits0References4
Prion
Prion
added 2021/11/04 5:15 p.m.22 views

Server side request forgery (ssrf)

FilePathunzip and FilePathuntar were not subject to any agent-to-controller access control in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier...

6.4CVSS9.2AI score0.01416EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2021/11/04 5:15 p.m.18 views

Design/Logic Flaw

Agent processes are able to completely bypass file path filtering by wrapping the file operation in an agent file path in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier...

7.5CVSS9.2AI score0.02451EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2021/11/04 12:0 a.m.4 views

PT-2021-5285 · Jenkins · Jenkins

Name of the Vulnerable Software and Affected Versions: Jenkins versions 2.318 and earlier, LTS versions 2.303.2 and earlier Description: The issue is related to a bypass of the file path filtering mechanism in Jenkins, allowing an attacker to impact the confidentiality, integrity, and availabilit...

10CVSS9.2AI score0.02451EPSS
Exploits0References15
Rows per page
Query Builder