54 matches found
CVE-2022-23116
Jenkins Conjur Secrets Plugin 1.0.9 and earlier implements functionality that allows attackers able to control agent processes to decrypt secrets stored in Jenkins obtained through another method...
CVE-2022-23118
Jenkins Debian Package Builder Plugin 1.6.11 and earlier implements functionality that allows agents to invoke command-line git at an attacker-specified path on the controller, allowing attackers able to control agent processes to invoke arbitrary OS commands on the controller...
Privilege Escalation
jenkins is vulnerable to privilege escalation. The vulnerability exists due to a lack of limiting the agent read/write access to the libs/ directory inside build directories when using the FilePath APIs, allowing attackers in control of agent processes to replace the code of a trusted library wit...
jenkins: Agent processes are able to completely bypass file path filtering by wrapping the file operation in an agent file path
A file path filtering bypass vulnerability was found in Jenkins. Agent processes are able to completely bypass file path filtering by wrapping the file operation in an agent file path. This may allow an attacker who controls the agent process to get read and write access to arbitrary files on the...
jenkins: Agent processes are able to completely bypass file path filtering by wrapping the file operation in an agent file path
A file path filtering bypass vulnerability was found in Jenkins. Agent processes are able to completely bypass file path filtering by wrapping the file operation in an agent file path. This may allow an attacker who controls the agent process to get read and write access to arbitrary files on the...
RHEL 8 : OpenShift Container Platform 4.8.22 (RHSA-2021:4829)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:4829 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or privat...
jenkins: Agent processes are able to completely bypass file path filtering by wrapping the file operation in an agent file path
A file path filtering bypass vulnerability was found in Jenkins. Agent processes are able to completely bypass file path filtering by wrapping the file operation in an agent file path. This may allow an attacker who controls the agent process to get read and write access to arbitrary files on the...
Jenkins Enterprise and Operations Center < 2.277.43.0.2 / 2.303.3.3 Multiple Vulnerabilities (CloudBees Security Advisory 2021-11-04)
The version of Jenkins Enterprise or Jenkins Operations Center running on the remote web server is 2.277.x prior to 2.277.43.0.2, or 2.x prior to 2.303.3.3. It is, therefore, affected by multiple vulnerabilities, including the following: - Agent processes are able to completely bypass file path...
CVE-2021-21690
Agent processes are able to completely bypass file path filtering by wrapping the file operation in an agent file path in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier...
CVE-2021-21690
Agent processes are able to completely bypass file path filtering by wrapping the file operation in an agent file path in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier...
Design/Logic Flaw
Agent processes are able to completely bypass file path filtering by wrapping the file operation in an agent file path in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier...
CVE-2021-21690
A file path filtering bypass vulnerability was found in Jenkins. Agent processes are able to completely bypass file path filtering by wrapping the file operation in an agent file path. This may allow an attacker who controls the agent process to get read and write access to arbitrary files on the...
CVE-2021-21690
Agent processes are able to completely bypass file path filtering by wrapping the file operation in an agent file path in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier...
CVE-2021-21690
Jenkins prior to 2.319 (and LTS 2.303.3 previously) is affected by CVE-2021-21690 where agent processes can completely bypass file path filtering by wrapping file operations in an agent file path. This allows potential reading/writing of arbitrary files on the Jenkins controller and is part of a ...