Lucene search
K

39 matches found

OSV
OSV
added 2022/05/24 7:19 p.m.2 views

GHSA-J3CQ-H6VH-GX7F Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins

The agent-to-controller security subsystem limits which files on the Jenkins controller can be accessed by agent processes. Multiple vulnerabilities in the file path filtering implementation of Jenkins 2.318 and earlier, LTS 2.303.2 and earlier allow agent processes to read and write arbitrary...

9CVSS6AI score0.01416EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2022/05/24 7:19 p.m.38 views

Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins

The agent-to-controller security subsystem limits which files on the Jenkins controller can be accessed by agent processes. Multiple vulnerabilities in the file path filtering implementation of Jenkins 2.318 and earlier, LTS 2.303.2 and earlier allow agent processes to read and write arbitrary...

9.8CVSS0.9AI score0.02034EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/24 7:19 p.m.28 views

Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins

The agent-to-controller security subsystem limits which files on the Jenkins controller can be accessed by agent processes. Multiple vulnerabilities in the file path filtering implementation of Jenkins 2.318 and earlier, LTS 2.303.2 and earlier allow agent processes to read and write arbitrary...

8.8CVSS1AI score0.02076EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2022/05/24 7:19 p.m.5 views

GHSA-C5R9-RX53-Q3GF Agent-to-controller access control allowed writing to sensitive directory used by Jenkins Pipeline: Shared Groovy Libraries Plugin

Jenkins 2.318 and earlier, LTS 2.303.2 and earlier does not limit agent read/write access to the libs/ directory inside build directories when using the FilePath APIs. This directory is used by the Pipeline: Shared Groovy Libraries Plugin to store copies of shared libraries. This allows attackers...

8.8CVSS6.3AI score0.0232EPSS
Exploits0References5
OSV
OSV
added 2022/05/24 7:19 p.m.4 views

GHSA-CVVM-4CR9-R436 Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins

The agent-to-controller security subsystem limits which files on the Jenkins controller can be accessed by agent processes. Multiple vulnerabilities in the file path filtering implementation of Jenkins 2.318 and earlier, LTS 2.303.2 and earlier allow agent processes to read and write arbitrary...

9CVSS5.9AI score0.02076EPSS
Exploits0References5
OSV
OSV
added 2022/03/16 12:0 a.m.18 views

GHSA-X3M3-G8W6-MF28 Agent-to-controller security bypass in Jenkins Semantic Versioning Plugin

Jenkins Semantic Versioning Plugin defines a controller/agent message that processes a given file as XML and returns version information. The XML parser is not configured to prevent XML external entity XXE attacks, which is only a problem if XML documents are parsed on the Jenkins controller...

7.1CVSS6.6AI score0.01314EPSS
Exploits0References4
OSV
OSV
added 2022/01/13 12:0 a.m.22 views

GHSA-8XJP-RP29-V5J8 Agent-to-controller security bypass in Jenkins Debian Package Builder Plugin

Jenkins Debian Package Builder Plugin 1.6.11 and earlier implements functionality that allows agent processes to invoke command-line git at an attacker-specified path on the controller. This allows attackers able to control agent processes to invoke arbitrary OS commands on the controller...

7.5CVSS8.7AI score0.01603EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2022/01/13 12:0 a.m.25 views

Agent-to-controller security bypass in Jenkins Conjur Secrets Plugin allows decrypting secrets

Jenkins Conjur Secrets Plugin 1.0.9 and earlier implements functionality that allows attackers able to control agent processes to decrypt secrets stored in Jenkins obtained through another method...

7.5CVSS4.3AI score0.00828EPSS
Exploits0References4Affected Software1
BDU FSTEC
BDU FSTEC
added 2021/12/16 12:0 a.m.3 views

The vulnerability of the agent-to-controller subsystem of the Jenkins automation server allows a attacker to compromise the confidentiality and integrity of the protected information.

The vulnerability of the agent-to-controller subsystem of the Jenkins automation server is related to an incorrect definition of the link before accessing the file. Exploiting this vulnerability allows a malicious actor to compromise the confidentiality and integrity of the protected information...

8.8CVSS7.7AI score0.01911EPSS
Exploits0References4Affected Software2
RedHat Linux
RedHat Linux
added 2021/12/01 12:28 p.m.7 views

jenkins: Agent-to-controller access control allows reading/writing most content of build directories

An incorrect access restriction vulnerability was found in Jenkins. The directories agents are allowed to access include the directories where there are stored build-related information intended to allow agents to store build-related metadata during build execution. As a consequence, this allows ...

9.1CVSS5.8AI score0.0155EPSS
Exploits0References5
NVD
NVD
added 2021/11/12 11:15 a.m.21 views

CVE-2021-43578

Jenkins Squash TM Publisher Squash4Jenkins Plugin 1.0.0 and earlier implements an agent-to-controller message that does not implement any validation of its input, allowing attackers able to control agent processes to replace arbitrary files on the Jenkins controller file system with an...

8.1CVSS0.01068EPSS
Exploits0References2
OSV
OSV
added 2021/11/12 11:15 a.m.3 views

CVE-2021-43578

Jenkins Squash TM Publisher Squash4Jenkins Plugin 1.0.0 and earlier implements an agent-to-controller message that does not implement any validation of its input, allowing attackers able to control agent processes to replace arbitrary files on the Jenkins controller file system with an...

8.1CVSS5.9AI score0.01068EPSS
Exploits0References2
CNNVD
CNNVD
added 2021/11/12 12:0 a.m.4 views

Jenkins 安全漏洞

Jenkins is a Jenkins open source application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying and automating any project. Jenkins Plugin has a security vulnerability that stems from the Squash TM Publisher plugin version 1.0.0 and earlier...

8.1CVSS7.7AI score0.01068EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2021/11/12 12:0 a.m.3 views

PT-2021-23883 · Jenkins · Jenkins Squash Tm Publisher Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Squash TM Publisher Squash4Jenkins Plugin versions 1.0.0 and earlier Description: The issue allows attackers who can control agent processes to replace arbitrary files on the Jenkins controller file system with an attacker-controlled...

8.1CVSS8AI score0.01068EPSS
Exploits0References8
Prion
Prion
added 2021/11/04 5:15 p.m.16 views

Design/Logic Flaw

The agent-to-controller security check FilePathreadingFileVisitor in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier does not reject any operations, allowing users to have unrestricted read access using certain operations creating archives, FilePathcopyRecursiveTo...

5CVSS8AI score0.01327EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2021/11/04 12:0 a.m.2 views

PT-2021-14728 · Jenkins · Jenkins

Name of the Vulnerable Software and Affected Versions: Jenkins versions 2.318 and earlier Jenkins LTS versions 2.303.2 and earlier Description: The issue concerns the creation of symbolic links when unarchiving a symbolic link in FilePathuntar. Specifically, it does not check agent-to-controller...

9.1CVSS9.2AI score0.01342EPSS
Exploits0References9
CVE
CVE
added 2021/11/04 12:0 a.m.186 views

CVE-2021-21693

CVE-2021-21693 affects Jenkins FilePath handling. In affected versions (Jenkins 2.318 and earlier; LTS 2.303.2 and earlier), permission to create temporary files is checked after file creation. Remediation: upgrade to Jenkins 2.319 or LTS 2.303.3, which addresses this and related FilePath filteri...

9.8CVSS9.2AI score0.01505EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2021/11/04 12:0 a.m.5 views

Jenkins 访问控制错误漏洞

Jenkins is a Jenkins open source application . An open source automation server Jenkins provides hundreds of plug-ins to support building, deploying and automating any project . Jenkins has an Access Control Error vulnerability that stems from FilePathmkdirs create parent directory operation is n...

9.1CVSS5.6AI score0.01469EPSS
Exploits0References18
Positive Technologies
Positive Technologies
added 2021/11/04 12:0 a.m.3 views

PT-2021-5606 · Jenkins · Jenkins

Name of the Vulnerable Software and Affected Versions: Jenkins versions 2.318 and earlier Jenkins LTS versions 2.303.2 and earlier Description: The issue is related to the lack of access control for agent-to-controller in Jenkins, specifically affecting FilePathunzip and FilePathuntar. This could...

9.4CVSS9.1AI score0.01416EPSS
Exploits0References15
Rows per page
Query Builder