Lucene search
+L

94 matches found

RedHat Linux
RedHat Linux
added 2021/12/02 6:37 p.m.3 views

jenkins: FilePath#unzip and FilePath#untar were not subject to any access control

An incorrect access control vulnerability was found in Jenkins. The FilePathunzip and FilePathuntar were not subjected to any access control. An attacker with access to FilePathunzip or FilePathuntar operations is able to read and write arbitrary files on the Jenkins controller file system...

9.1CVSS5.8AI score0.01416EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2021/12/02 6:37 p.m.3 views

jenkins: FilePath#untar does not check permission to create symbolic links when unarchiving a symbolic link

An incorrect permissions validation vulnerability was found in Jenkins. The FilePathuntar does not check permission to create symbolic links when unarchiving a symbolic link, which may allow an attacker to get read and write access to arbitrary files on the Jenkins controller file system...

9.1CVSS5.8AI score0.01342EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2021/12/01 12:28 p.m.5 views

jenkins: FilePath#untar does not check permission to create symbolic links when unarchiving a symbolic link

An incorrect permissions validation vulnerability was found in Jenkins. The FilePathuntar does not check permission to create symbolic links when unarchiving a symbolic link, which may allow an attacker to get read and write access to arbitrary files on the Jenkins controller file system...

9.1CVSS5.8AI score0.01342EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2021/12/01 12:28 p.m.6 views

jenkins: FilePath#unzip and FilePath#untar were not subject to any access control

An incorrect access control vulnerability was found in Jenkins. The FilePathunzip and FilePathuntar were not subjected to any access control. An attacker with access to FilePathunzip or FilePathuntar operations is able to read and write arbitrary files on the Jenkins controller file system...

9.1CVSS5.8AI score0.01416EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2021/11/30 9:11 a.m.3 views

jenkins: FilePath#untar does not check permission to create symbolic links when unarchiving a symbolic link

An incorrect permissions validation vulnerability was found in Jenkins. The FilePathuntar does not check permission to create symbolic links when unarchiving a symbolic link, which may allow an attacker to get read and write access to arbitrary files on the Jenkins controller file system...

9.1CVSS5.8AI score0.01342EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2021/11/30 9:11 a.m.4 views

jenkins: FilePath#unzip and FilePath#untar were not subject to any access control

An incorrect access control vulnerability was found in Jenkins. The FilePathunzip and FilePathuntar were not subjected to any access control. An attacker with access to FilePathunzip or FilePathuntar operations is able to read and write arbitrary files on the Jenkins controller file system...

9.1CVSS5.8AI score0.01416EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2021/11/29 10:40 a.m.3 views

jenkins: FilePath#untar does not check permission to create symbolic links when unarchiving a symbolic link

An incorrect permissions validation vulnerability was found in Jenkins. The FilePathuntar does not check permission to create symbolic links when unarchiving a symbolic link, which may allow an attacker to get read and write access to arbitrary files on the Jenkins controller file system...

9.1CVSS5.8AI score0.01342EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2021/11/29 10:40 a.m.4 views

jenkins: FilePath#unzip and FilePath#untar were not subject to any access control

An incorrect access control vulnerability was found in Jenkins. The FilePathunzip and FilePathuntar were not subjected to any access control. An attacker with access to FilePathunzip or FilePathuntar operations is able to read and write arbitrary files on the Jenkins controller file system...

9.1CVSS5.8AI score0.01416EPSS
Exploits0References5
NVD
NVD
added 2021/11/04 5:15 p.m.26 views

CVE-2021-21689

FilePathunzip and FilePathuntar were not subject to any agent-to-controller access control in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier...

9.1CVSS0.01416EPSS
Exploits0References1
Prion
Prion
added 2021/11/04 5:15 p.m.24 views

Server side request forgery (ssrf)

FilePathunzip and FilePathuntar were not subject to any agent-to-controller access control in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier...

6.4CVSS9.2AI score0.01416EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2021/11/04 4:52 p.m.28 views

CVE-2021-21689

An incorrect access control vulnerability was found in Jenkins. The FilePathunzip and FilePathuntar were not subjected to any access control. An attacker with access to FilePathunzip or FilePathuntar operations is able to read and write arbitrary files on the Jenkins controller file system...

9.1CVSS8.9AI score0.01416EPSS
Exploits0References4
CNNVD
CNNVD
added 2021/11/04 12:0 a.m.2 views

Jenkins 安全漏洞

Jenkins is a Jenkins open source application . An open source automation server Jenkins provides hundreds of plug-ins to support building, deploying and automating any project . Jenkins has an access control error vulnerability that stems from FilePathunzip and FilePathuntar not being subject to...

9.1CVSS5.6AI score0.01416EPSS
Exploits0References18
Positive Technologies
Positive Technologies
added 2021/11/04 12:0 a.m.3 views

PT-2021-5606 · Jenkins · Jenkins

Name of the Vulnerable Software and Affected Versions: Jenkins versions 2.318 and earlier Jenkins LTS versions 2.303.2 and earlier Description: The issue is related to the lack of access control for agent-to-controller in Jenkins, specifically affecting FilePathunzip and FilePathuntar. This could...

9.4CVSS9.1AI score0.01416EPSS
Exploits0References15
CNNVD
CNNVD
added 2021/11/04 12:0 a.m.3 views

Jenkins 安全漏洞

Jenkins is a Jenkins open source application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins has a security vulnerability that stems from Jenkins 2.318 and earlier, LTS 2.303.2 and earlier in FilePath untar...

9.1CVSS5.6AI score0.01342EPSS
Exploits0References17
Positive Technologies
Positive Technologies
added 2021/11/04 12:0 a.m.3 views

PT-2021-14728 · Jenkins · Jenkins

Name of the Vulnerable Software and Affected Versions: Jenkins versions 2.318 and earlier Jenkins LTS versions 2.303.2 and earlier Description: The issue concerns the creation of symbolic links when unarchiving a symbolic link in FilePathuntar. Specifically, it does not check agent-to-controller...

9.1CVSS9.2AI score0.01342EPSS
Exploits0References9
OSV
OSV
added 2021/01/15 9:15 p.m.16 views

CVE-2021-21251

OneDev is an all-in-one devops platform. In OneDev before version 4.0.3 there is a critical "zip slip" vulnerability. This issue may lead to arbitrary file write. The KubernetesResource REST endpoint untars user controlled data from the request body using TarUtils. TarUtils is a custom library...

8.8CVSS6.9AI score
Exploits0References1
CNNVD
CNNVD
added 2021/01/15 12:0 a.m.9 views

Theonedev Onedev 路径遍历漏洞

Theonedev Onedev is a JAVA-based all-in-one DevOps platform from the Theonedev team. The platform supports container build, orchestration, CI, Git management, team collaboration and other features to help developers build a simple, powerful development platform. Theonedev Onedev versions prior to...

8.8CVSS7.3AI score0.12163EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2020/10/27 12:0 a.m.15 views

The vulnerability of the Helm package manager exists due to an incorrect restriction on the path name to the restricted access catalog. This allows a malicious actor to unpack the files from the diagram archive outside of the target directory.

The vulnerability of the Helm package manager exists due to an incorrect restriction on the path name to the restricted directory. Exploiting this vulnerability allows a malicious actor to unpack the diagram archive files outside of the target directory using commands like “helm fetch --untar” an...

7.1CVSS6.8AI score0.01483EPSS
Exploits1References4Affected Software2
CNVD
CNVD
added 2020/08/25 12:0 a.m.6 views

Metasploit Framework Relative Path Traversal Vulnerability

Metasploit Framework is a modular Ruby-based penetration testing platform that enables you to write, test and execute exploit code. A relative path traversal vulnerability exists in the untar method of the "auxiliary/admin/http/telpho10credentialdump" module of the Metasploit Framework, which can...

8.1CVSS7.2AI score0.01072EPSS
Exploits1References1
OSV
OSV
added 2020/08/24 7:15 p.m.11 views

CVE-2020-7377

The Metasploit Framework module "auxiliary/admin/http/telpho10credentialdump" module is affected by a relative path traversal vulnerability in the untar method which can be exploited to write arbitrary files to arbitrary locations on the host file system when the module is run on a malicious HTTP...

7.5CVSS7.2AI score0.01072EPSS
Exploits1References1
Rows per page
Query Builder