15 matches found

OSV · added 2022/05/24 5:40 p.m. · 0 views

GHSA-QXP6-27GW-99CJ Time-of-check Time-of-use (TOCTOU) Race Condition in Jenkins

Due to a time-of-check to time-of-use (TOCTOU) race condition, the file browser for workspaces, archived artifacts, and $JENKINS_HOME/userContent/ follows symbolic links to locations outside the directory being browsed in Jenkins 2.275 and LTS 2.263.2. This allows attackers with Job/Workspace...

CVSS 5.3 · AI score 6.5 · EPSS 0.00375 · Exploits 0 · References 3
OSV · added 2022/05/14 1:4 a.m. · 2 views

GHSA-HPH9-9VCQ-F7GP Exposure of Sensitive Information to an Unauthorized Actor in Jenkins

An information exposure vulnerability exists in Jenkins 2.153 and earlier, LTS 2.138.3 and earlier in DirectoryBrowserSupport.java that allows attackers with the ability to control build output to browse the file system on agents running builds beyond the duration of the build using the workspace...

CVSS 4.3 · AI score 5.9 · EPSS 0.00184 · Exploits 0 · References 5
Github Security Blog · added 2022/05/14 1:4 a.m. · 28 views

Exposure of Sensitive Information to an Unauthorized Actor in Jenkins

An information exposure vulnerability exists in Jenkins 2.153 and earlier, LTS 2.138.3 and earlier in DirectoryBrowserSupport.java that allows attackers with the ability to control build output to browse the file system on agents running builds beyond the duration of the build using the workspace...

CVSS 4.3 · AI score 3.7 · EPSS 0.00184 · Exploits 0 · References 6 · Affected Software 1
Tenable Nessus · added 2021/12/03 12:0 a.m. · 39 views

Jenkins Enterprise and Operations Center < 2.222.43.0.2 / 2.249.30.0.2 / 2.263.2.3 Arbitrary File Read (CloudBees Security Advisory 2021-01-26)

The version of Jenkins Enterprise or Jenkins Operations Center running on the remote web server is 2.222.x prior to 2.222.43.0.2, 2.249.x prior to 2.249.30.0.2, or 2.x prior to 2.263.2.3. It is, therefore, affected by an arbitrary file read vulnerability due to a time-of-check to time-of-use (TOCT...

CVSS 5.3 · AI score 5.9 · EPSS 0.00375 · Exploits 0 · References 2
OpenVAS · added 2021/01/28 12:0 a.m. · 33 views

Jenkins < 2.276, < 2.263.3 Arbitrary File Read Vulnerability

Jenkins is prone to an arbitrary file read vulnerability. Copyright (C) 2021 Greenbone Networks GmbH. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you...

CVSS 5.3 · AI score 6.5 · EPSS 0.00375 · Exploits 0 · References 1
Positive Technologies · added 2021/01/26 12:0 a.m. · 1 views

PT-2021-14658 · Jenkins · Jenkins

Name of the Vulnerable Software and Affected Versions: Jenkins versions 2.275 through 2.275; Jenkins LTS versions 2.263.2 through 2.263.2. Description: The issue is caused by a time-of-check to time-of-use (TOCTOU) race condition, allowing attackers to read arbitrary files using the file browser for...

CVSS 5.3 · AI score 5 · EPSS 0.00375 · Exploits 0 · References 8
OSV · added 2020/11/10 6:15 p.m. · 1 views

CVE-2020-27146

The Core component of TIBCO Software Inc.'s TIBCO iProcess Workspace Browser contains a vulnerability that theoretically allows an unauthenticated attacker with network access to execute a Cross Site Request Forgery (CSRF) attack on the affected system. A successful attack using this vulnerability...

CVSS 8.8 · AI score 5.9 · Exploits 0 · References 2
ATTACKERKB · added 2020/11/10 5:0 p.m. · 3 views

CVE-2020-27146

The Core component of TIBCO Software Inc.'s TIBCO iProcess Workspace Browser contains a vulnerability that theoretically allows an unauthenticated attacker with network access to execute a Cross Site Request Forgery (CSRF) attack on the affected system. A successful attack using this vulnerability...

CVSS 8.8 · AI score 5.5 · EPSS 0.00136 · Exploits 0 · References 3
RedhatCVE · added 2019/11/04 3:43 a.m. · 29 views

CVE-2018-1000862

An information exposure vulnerability exists in Jenkins 2.153 and earlier, LTS 2.138.3 and earlier in DirectoryBrowserSupport.java that allows attackers with the ability to control build output to browse the file system on agents running builds beyond the duration of the build using the workspace...

CVSS 4.3 · AI score 3.9 · EPSS 0.00184 · Exploits 0 · References 2
RedHat Linux · added 2019/01/10 9:4 a.m. · 5 views

jenkins: workspace browser allowed accessing files outside the workspace (SECURITY-904)

An information exposure vulnerability exists in Jenkins 2.153 and earlier, LTS 2.138.3 and earlier in DirectoryBrowserSupport.java that allows attackers with the ability to control build output to browse the file system on agents running builds beyond the duration of the build using the workspace...

CVSS 4.3 · AI score 5.8 · EPSS 0.00184 · Exploits 0 · References 4
NVD · added 2018/12/10 2:29 p.m. · 19 views

CVE-2018-1000862

An information exposure vulnerability exists in Jenkins 2.153 and earlier, LTS 2.138.3 and earlier in DirectoryBrowserSupport.java that allows attackers with the ability to control build output to browse the file system on agents running builds beyond the duration of the build using the workspace...

CVSS 4.3 · AI score 5.3 · EPSS 0.00184 · Exploits 0 · References 3
OSV · added 2018/12/10 2:29 p.m. · 26 views

CVE-2018-1000862

An information exposure vulnerability exists in Jenkins 2.153 and earlier, LTS 2.138.3 and earlier in DirectoryBrowserSupport.java that allows attackers with the ability to control build output to browse the file system on agents running builds beyond the duration of the build using the workspace...

CVSS 4.3 · AI score 6.2 · Exploits 0 · References 3
CVE · added 2018/12/10 2:0 p.m. · 113 views

CVE-2018-1000862

CVE-2018-1000862 concerns Jenkins prior to 2.154 (2.153 and earlier) and LTS prior to 2.138.4 (2.138.3 and earlier) where DirectoryBrowserSupport.java allows an attacker who can control build output to browse the filesystem on agents via the workspace browser after a build. Related advisories (GH...

CVSS 4.3 · AI score 4.5 · EPSS 0.00184 · Exploits 0 · References 3 · Affected Software 1
Tenable Nessus · added 2018/12/06 12:0 a.m. · 15 views

FreeBSD : jenkins -- multiple vulnerabilities (3aa27226-f86f-11e8-a085-3497f683cb16)

Jenkins Security Advisory: Description: Critical, SECURITY-595, Code execution through crafted URLs; Medium, SECURITY-904, Forced migration of user records; Medium, SECURITY-1072, Workspace browser allowed accessing files outside the workspace; Medium, SECURITY-1193, Potential denial of service through cron...

AI score 5.4 · Exploits 0 · References 2
FreeBSD · added 2018/12/05 12:0 a.m. · 46 views

jenkins -- multiple vulnerabilities

Jenkins Security Advisory: Description: Critical, SECURITY-595, Code execution through crafted URLs; Medium, SECURITY-904, Forced migration of user records; Medium, SECURITY-1072, Workspace browser allowed accessing files outside the workspace; Medium, SECURITY-1193, Potential denial of service through cron...

AI score 2.3 · Exploits 0 · References 1