Information Disclosure

jenkins-2-plugins is vulnerable to information disclosure. The vulnerability exists due to the lack of restriction of the name of a file when looking up a subversion key file on the controller from an agent...

RHEL 7 : OpenShift Container Platform 3.11.569 (RHSA-2021:4827)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:4827 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or privat...

RHEL 8 : OpenShift Container Platform 4.6.51 (RHSA-2021:4799)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:4799 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or privat...

jenkins-2-plugins/subversion: does not restrict the name of a file when looking up a subversion key

An incorrect access restriction vulnerability was found in the Subversion Plugin for Jenkins. An agent's ability to learn the name of a file is not restricted when looking up a subversion key file on the controller. This may allow attackers to control agent processes and read arbitrary files on t...

jenkins-2-plugins/subversion: does not restrict the name of a file when looking up a subversion key

An incorrect access restriction vulnerability was found in the Subversion Plugin for Jenkins. An agent's ability to learn the name of a file is not restricted when looking up a subversion key file on the controller. This may allow attackers to control agent processes and read arbitrary files on t...

Important: Red Hat Security Advisory: OpenShift Container Platform 4.6.51 packages and security update

Red Hat OpenShift Container Platform release 4.6.51 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.6. Red Hat Product Security has rated this update as having a...

jenkins-2-plugins/subversion: does not restrict the name of a file when looking up a subversion key

An incorrect access restriction vulnerability was found in the Subversion Plugin for Jenkins. An agent's ability to learn the name of a file is not restricted when looking up a subversion key file on the controller. This may allow attackers to control agent processes and read arbitrary files on t...

RHEL 8 : OpenShift Container Platform 4.8.22 (RHSA-2021:4829)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:4829 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or privat...

jenkins-2-plugins/subversion: does not restrict the name of a file when looking up a subversion key

An incorrect access restriction vulnerability was found in the Subversion Plugin for Jenkins. An agent's ability to learn the name of a file is not restricted when looking up a subversion key file on the controller. This may allow attackers to control agent processes and read arbitrary files on t...

jenkins-2-plugins/subversion: does not restrict the name of a file when looking up a subversion key

An incorrect access restriction vulnerability was found in the Subversion Plugin for Jenkins. An agent's ability to learn the name of a file is not restricted when looking up a subversion key file on the controller. This may allow attackers to control agent processes and read arbitrary files on t...

Jenkins Subversion Plugin Path Traversal Vulnerability

Jenkins is a Jenkins open source application. An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Subversion Plugin in version 2.15.0 and earlier has a path traversal vulnerability that stems from the fact that...

CVE-2021-21698

An incorrect access restriction vulnerability was found in the Subversion Plugin for Jenkins. An agent's ability to learn the name of a file is not restricted when looking up a subversion key file on the controller. This may allow attackers to control agent processes and read arbitrary files on t...

CVE-2021-21698

Jenkins Subversion Plugin 2.15.0 and earlier does not restrict the name of a file when looking up a subversion key file on the controller from an agent...

CVE-2021-21698

Jenkins Subversion Plugin 2.15.0 and earlier does not restrict the name of a file when looking up a subversion key file on the controller from an agent...

Code injection

Jenkins Subversion Plugin 2.15.0 and earlier does not restrict the name of a file when looking up a subversion key file on the controller from an agent...

CVE-2021-21698

CVE-2021-21698 affects Jenkins Subversion Plugin up to version 2.15.0. The issue arises because the plugin does not restrict the file name when resolving the subversion key file on the controller from an agent, enabling path traversal to read arbitrary files on the Jenkins controller when an atta...

CVE-2021-21698

Jenkins Subversion Plugin 2.15.0 and earlier does not restrict the name of a file when looking up a subversion key file on the controller from an agent...

Jenkins 路径遍历漏洞

Jenkins is a Jenkins open source application. An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Subversion Plugin in version 2.15.0 and earlier has a path traversal vulnerability that stems from the fact that...

PT-2021-14729 · Jenkins · Jenkins Subversion Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Subversion Plugin versions 2.15.0 and earlier Description: The issue allows attackers who can control agent processes to read arbitrary files on the Jenkins controller file system. This is because the plugin does not restrict the name...

Jenkins LTS < 2.303.3 / Jenkins weekly < 2.319 Multiple Vulnerabilities

According to its its self-reported version number, the version of Jenkins running on the remote web server is Jenkins LTS prior to 2.303.3 or Jenkins weekly prior to 2.319. It is, therefore, affected by multiple vulnerabilities: - Jenkins 2.318 and earlier, LTS 2.303.2 and earlier does not check...