Lucene search
K

5 matches found

OSV
OSV
added 2022/05/24 7:19 p.m.2 views

GHSA-97C3-W9CR-6QC2 Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins

The agent-to-controller security subsystem limits which files on the Jenkins controller can be accessed by agent processes. Multiple vulnerabilities in the file path filtering implementation of Jenkins 2.318 and earlier, LTS 2.303.2 and earlier allow agent processes to read and write arbitrary...

9CVSS5.9AI score0.02451EPSS
Exploits0References6
OSV
OSV
added 2022/05/24 7:19 p.m.15 views

GHSA-3Q84-VRVX-RFVF Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins

The agent-to-controller security subsystem limits which files on the Jenkins controller can be accessed by agent processes. Multiple vulnerabilities in the file path filtering implementation of Jenkins 2.318 and earlier, LTS 2.303.2 and earlier allow agent processes to read and write arbitrary...

9CVSS5.9AI score0.01342EPSS
Exploits0References3
OSV
OSV
added 2022/05/24 7:19 p.m.4 views

GHSA-CVVM-4CR9-R436 Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins

The agent-to-controller security subsystem limits which files on the Jenkins controller can be accessed by agent processes. Multiple vulnerabilities in the file path filtering implementation of Jenkins 2.318 and earlier, LTS 2.303.2 and earlier allow agent processes to read and write arbitrary...

9CVSS5.9AI score0.02076EPSS
Exploits0References5
OSV
OSV
added 2022/05/24 7:19 p.m.6 views

GHSA-CV2W-Q8C3-XJV7 Agent-to-controller access control allows reading/writing most content of build directories in Jenkins

Agents are allowed some limited access to files on the Jenkins controller file system. The directories agents are allowed to access in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier include the directories storing build-related information, intended to allow agents to store build-related...

9.1CVSS5.9AI score0.0155EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2021/11/04 12:0 a.m.5 views

PT-2021-4993 · Jenkins · Remoting Security Workaround Plugin +2

Name of the Vulnerable Software and Affected Versions: Jenkins versions 2.318 and earlier, LTS versions 2.303.2 and earlier Description: The issue is related to the implementation of the FilePath API in the Jenkins automation server, which does not limit agent read/write access to the libs/...

9.8CVSS9.4AI score0.0232EPSS
Exploits0References14
Rows per page
Query Builder