Lucene search
K

54 matches found

NVD
NVD
added 2022/01/12 8:15 p.m.34 views

CVE-2022-23116

Jenkins Conjur Secrets Plugin 1.0.9 and earlier implements functionality that allows attackers able to control agent processes to decrypt secrets stored in Jenkins obtained through another method...

7.5CVSS0.00828EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2022/01/12 7:6 p.m.9 views

CVE-2022-23118

Jenkins Debian Package Builder Plugin 1.6.11 and earlier implements functionality that allows agents to invoke command-line git at an attacker-specified path on the controller, allowing attackers able to control agent processes to invoke arbitrary OS commands on the controller...

7.3AI score0.01603EPSS
Exploits0References2
Veracode
Veracode
added 2021/12/08 12:41 a.m.22 views

Privilege Escalation

jenkins is vulnerable to privilege escalation. The vulnerability exists due to a lack of limiting the agent read/write access to the libs/ directory inside build directories when using the FilePath APIs, allowing attackers in control of agent processes to replace the code of a trusted library wit...

9.8CVSS6.4AI score0.0232EPSS
Exploits0References5Affected Software1
RedHat Linux
RedHat Linux
added 2021/12/02 10:4 p.m.5 views

jenkins: Agent processes are able to completely bypass file path filtering by wrapping the file operation in an agent file path

A file path filtering bypass vulnerability was found in Jenkins. Agent processes are able to completely bypass file path filtering by wrapping the file operation in an agent file path. This may allow an attacker who controls the agent process to get read and write access to arbitrary files on the...

9.8CVSS5.8AI score0.02451EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2021/12/02 6:37 p.m.2 views

jenkins: Agent processes are able to completely bypass file path filtering by wrapping the file operation in an agent file path

A file path filtering bypass vulnerability was found in Jenkins. Agent processes are able to completely bypass file path filtering by wrapping the file operation in an agent file path. This may allow an attacker who controls the agent process to get read and write access to arbitrary files on the...

9.8CVSS5.8AI score0.02451EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2021/12/01 12:0 a.m.40 views

RHEL 8 : OpenShift Container Platform 4.8.22 (RHSA-2021:4829)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:4829 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or privat...

9.8CVSS7.4AI score0.02451EPSS
Exploits0References32
RedHat Linux
RedHat Linux
added 2021/11/29 10:40 a.m.4 views

jenkins: Agent processes are able to completely bypass file path filtering by wrapping the file operation in an agent file path

A file path filtering bypass vulnerability was found in Jenkins. Agent processes are able to completely bypass file path filtering by wrapping the file operation in an agent file path. This may allow an attacker who controls the agent process to get read and write access to arbitrary files on the...

9.8CVSS5.8AI score0.02451EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2021/11/19 12:0 a.m.28 views

Jenkins Enterprise and Operations Center < 2.277.43.0.2 / 2.303.3.3 Multiple Vulnerabilities (CloudBees Security Advisory 2021-11-04)

The version of Jenkins Enterprise or Jenkins Operations Center running on the remote web server is 2.277.x prior to 2.277.43.0.2, or 2.x prior to 2.303.3.3. It is, therefore, affected by multiple vulnerabilities, including the following: - Agent processes are able to completely bypass file path...

9.8CVSS8AI score0.02451EPSS
Exploits0References15
OSV
OSV
added 2021/11/04 5:15 p.m.14 views

CVE-2021-21690

Agent processes are able to completely bypass file path filtering by wrapping the file operation in an agent file path in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier...

9.8CVSS6.5AI score
Exploits0References1
AlpineLinux
AlpineLinux
added 2021/11/04 5:15 p.m.22 views

CVE-2021-21690

Agent processes are able to completely bypass file path filtering by wrapping the file operation in an agent file path in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier...

9.8CVSS9.1AI score0.02451EPSS
Exploits0
Prion
Prion
added 2021/11/04 5:15 p.m.18 views

Design/Logic Flaw

Agent processes are able to completely bypass file path filtering by wrapping the file operation in an agent file path in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier...

7.5CVSS9.2AI score0.02451EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2021/11/04 4:52 p.m.31 views

CVE-2021-21690

A file path filtering bypass vulnerability was found in Jenkins. Agent processes are able to completely bypass file path filtering by wrapping the file operation in an agent file path. This may allow an attacker who controls the agent process to get read and write access to arbitrary files on the...

9.8CVSS8.9AI score0.02451EPSS
Exploits0References4
Cvelist
Cvelist
added 2021/11/04 4:30 p.m.22 views

CVE-2021-21690

Agent processes are able to completely bypass file path filtering by wrapping the file operation in an agent file path in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier...

9.6AI score0.02451EPSS
Exploits0References1
CVE
CVE
added 2021/11/04 4:30 p.m.163 views

CVE-2021-21690

Jenkins prior to 2.319 (and LTS 2.303.3 previously) is affected by CVE-2021-21690 where agent processes can completely bypass file path filtering by wrapping file operations in an agent file path. This allows potential reading/writing of arbitrary files on the Jenkins controller and is part of a ...

9.8CVSS9.2AI score0.02451EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder