39 matches found
GHSA-J3CQ-H6VH-GX7F Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins
The agent-to-controller security subsystem limits which files on the Jenkins controller can be accessed by agent processes. Multiple vulnerabilities in the file path filtering implementation of Jenkins 2.318 and earlier, LTS 2.303.2 and earlier allow agent processes to read and write arbitrary...
Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins
The agent-to-controller security subsystem limits which files on the Jenkins controller can be accessed by agent processes. Multiple vulnerabilities in the file path filtering implementation of Jenkins 2.318 and earlier, LTS 2.303.2 and earlier allow agent processes to read and write arbitrary...
Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins
The agent-to-controller security subsystem limits which files on the Jenkins controller can be accessed by agent processes. Multiple vulnerabilities in the file path filtering implementation of Jenkins 2.318 and earlier, LTS 2.303.2 and earlier allow agent processes to read and write arbitrary...
GHSA-C5R9-RX53-Q3GF Agent-to-controller access control allowed writing to sensitive directory used by Jenkins Pipeline: Shared Groovy Libraries Plugin
Jenkins 2.318 and earlier, LTS 2.303.2 and earlier does not limit agent read/write access to the libs/ directory inside build directories when using the FilePath APIs. This directory is used by the Pipeline: Shared Groovy Libraries Plugin to store copies of shared libraries. This allows attackers...
GHSA-CVVM-4CR9-R436 Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins
The agent-to-controller security subsystem limits which files on the Jenkins controller can be accessed by agent processes. Multiple vulnerabilities in the file path filtering implementation of Jenkins 2.318 and earlier, LTS 2.303.2 and earlier allow agent processes to read and write arbitrary...
GHSA-X3M3-G8W6-MF28 Agent-to-controller security bypass in Jenkins Semantic Versioning Plugin
Jenkins Semantic Versioning Plugin defines a controller/agent message that processes a given file as XML and returns version information. The XML parser is not configured to prevent XML external entity XXE attacks, which is only a problem if XML documents are parsed on the Jenkins controller...
GHSA-8XJP-RP29-V5J8 Agent-to-controller security bypass in Jenkins Debian Package Builder Plugin
Jenkins Debian Package Builder Plugin 1.6.11 and earlier implements functionality that allows agent processes to invoke command-line git at an attacker-specified path on the controller. This allows attackers able to control agent processes to invoke arbitrary OS commands on the controller...
Agent-to-controller security bypass in Jenkins Conjur Secrets Plugin allows decrypting secrets
Jenkins Conjur Secrets Plugin 1.0.9 and earlier implements functionality that allows attackers able to control agent processes to decrypt secrets stored in Jenkins obtained through another method...
The vulnerability of the agent-to-controller subsystem of the Jenkins automation server allows a attacker to compromise the confidentiality and integrity of the protected information.
The vulnerability of the agent-to-controller subsystem of the Jenkins automation server is related to an incorrect definition of the link before accessing the file. Exploiting this vulnerability allows a malicious actor to compromise the confidentiality and integrity of the protected information...
jenkins: Agent-to-controller access control allows reading/writing most content of build directories
An incorrect access restriction vulnerability was found in Jenkins. The directories agents are allowed to access include the directories where there are stored build-related information intended to allow agents to store build-related metadata during build execution. As a consequence, this allows ...
CVE-2021-43578
Jenkins Squash TM Publisher Squash4Jenkins Plugin 1.0.0 and earlier implements an agent-to-controller message that does not implement any validation of its input, allowing attackers able to control agent processes to replace arbitrary files on the Jenkins controller file system with an...
CVE-2021-43578
Jenkins Squash TM Publisher Squash4Jenkins Plugin 1.0.0 and earlier implements an agent-to-controller message that does not implement any validation of its input, allowing attackers able to control agent processes to replace arbitrary files on the Jenkins controller file system with an...
Jenkins 安全漏洞
Jenkins is a Jenkins open source application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying and automating any project. Jenkins Plugin has a security vulnerability that stems from the Squash TM Publisher plugin version 1.0.0 and earlier...
PT-2021-23883 · Jenkins · Jenkins Squash Tm Publisher Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Squash TM Publisher Squash4Jenkins Plugin versions 1.0.0 and earlier Description: The issue allows attackers who can control agent processes to replace arbitrary files on the Jenkins controller file system with an attacker-controlled...
Design/Logic Flaw
The agent-to-controller security check FilePathreadingFileVisitor in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier does not reject any operations, allowing users to have unrestricted read access using certain operations creating archives, FilePathcopyRecursiveTo...
PT-2021-14728 · Jenkins · Jenkins
Name of the Vulnerable Software and Affected Versions: Jenkins versions 2.318 and earlier Jenkins LTS versions 2.303.2 and earlier Description: The issue concerns the creation of symbolic links when unarchiving a symbolic link in FilePathuntar. Specifically, it does not check agent-to-controller...
CVE-2021-21693
CVE-2021-21693 affects Jenkins FilePath handling. In affected versions (Jenkins 2.318 and earlier; LTS 2.303.2 and earlier), permission to create temporary files is checked after file creation. Remediation: upgrade to Jenkins 2.319 or LTS 2.303.3, which addresses this and related FilePath filteri...
Jenkins 访问控制错误漏洞
Jenkins is a Jenkins open source application . An open source automation server Jenkins provides hundreds of plug-ins to support building, deploying and automating any project . Jenkins has an Access Control Error vulnerability that stems from FilePathmkdirs create parent directory operation is n...
PT-2021-5606 · Jenkins · Jenkins
Name of the Vulnerable Software and Affected Versions: Jenkins versions 2.318 and earlier Jenkins LTS versions 2.303.2 and earlier Description: The issue is related to the lack of access control for agent-to-controller in Jenkins, specifically affecting FilePathunzip and FilePathuntar. This could...