Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins

The agent-to-controller security subsystem limits which files on the Jenkins controller can be accessed by agent processes. Multiple vulnerabilities in the file path filtering implementation of Jenkins 2.318 and earlier, LTS 2.303.2 and earlier allow agent processes to read and write arbitrary...

Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins

The agent-to-controller security subsystem limits which files on the Jenkins controller can be accessed by agent processes. Multiple vulnerabilities in the file path filtering implementation of Jenkins 2.318 and earlier, LTS 2.303.2 and earlier allow agent processes to read and write arbitrary...

CVE-2021-21693

CVE-2021-21693 affects Jenkins FilePath handling. In affected versions (Jenkins 2.318 and earlier; LTS 2.303.2 and earlier), permission to create temporary files is checked after file creation. Remediation: upgrade to Jenkins 2.319 or LTS 2.303.3, which addresses this and related FilePath filteri...