463 matches found

Veracode
added 2021/12/08 12:41 a.m., 20 views

Privilege Escalation

Jenkins is vulnerable to privilege escalation. The vulnerability exists due to a lack of limiting the agent read/write access to the libs/ directory inside build directories when using the FilePath APIs, allowing attackers in control of agent processes to replace the code of a trusted library wit...

CVSS 9.8, AI score 6.4, EPSS 0.00954
Exploits 0, References 5, Affected Software 1

Veracode
added 2021/12/04 12:41 a.m., 18 views

Privilege Escalation

Jenkins is vulnerable to privilege escalation. FilePath#reading does not reject any operations, allowing an attacker to have unrestricted read access, using a specific procedure...

CVSS 7.5, AI score 4.6, EPSS 0.00352
Exploits 0, References 4, Affected Software 1

Veracode
added 2021/12/04 12:41 a.m., 24 views

Privilege Escalation

Jenkins is vulnerable to privilege escalation. The vulnerability exists because FilePath#mkdirs does not check permission to create parent directories...

CVSS 9.1, AI score 4, EPSS 0.00197
Exploits 0, References 5, Affected Software 1

RedHat Linux
added 2021/12/02 10:04 p.m., 3 views

jenkins: FilePath#listFiles lists files outside directories with agent read access when following symbolic links.

An incorrect permissions validation vulnerability was found in Jenkins. FilePath#listFiles lists files outside directories with agent read access when following symbolic links. This may allow an attacker to get access to restricted data...

CVSS 8.8, AI score 5.7, EPSS 0.00528
Exploits 0, References 5

RedHat Linux
added 2021/12/02 10:04 p.m., 1 view

jenkins: FilePath#mkdirs does not check permission to create parent directories

An incorrect permissions validation vulnerability was found in Jenkins. FilePath#mkdirs does not check permission to create parent directories, which may allow an attacker who controls the agent process to read and write arbitrary files on the Jenkins controller file system...

CVSS 9.1, AI score 5.8, EPSS 0.00197
Exploits 0, References 5

RedHat Linux
added 2021/12/02 10:04 p.m., 1 view

jenkins: FilePath#untar does not check permission to create symbolic links when unarchiving a symbolic link

An incorrect permissions validation vulnerability was found in Jenkins. FilePath#untar does not check permission to create symbolic links when unarchiving a symbolic link, which may allow an attacker to get read and write access to arbitrary files on the Jenkins controller file system...

CVSS 9.1, AI score 5.8, EPSS 0.00271
Exploits 0, References 5

RedHat Linux
added 2021/12/02 6:37 p.m., 3 views

jenkins: FilePath#listFiles lists files outside directories with agent read access when following symbolic links.

An incorrect permissions validation vulnerability was found in Jenkins. FilePath#listFiles lists files outside directories with agent read access when following symbolic links. This may allow an attacker to get access to restricted data...

CVSS 8.8, AI score 5.7, EPSS 0.00528
Exploits 0, References 5

RedHat Linux
added 2021/12/02 6:37 p.m., 1 view

jenkins: FilePath#reading(FileVisitor) does not reject any operations allowing users to have unrestricted read access

An incorrect access restriction vulnerability was found in Jenkins. FilePath#reading(FileVisitor) does not reject any operations, giving users unrestricted read access with certain operations creating archives, copyRecursiveTo. This may allow an attacker to get access to restricted data...

CVSS 7.5, AI score 5.7, EPSS 0.00352
Exploits 0, References 5

RedHat Linux
added 2021/12/01 12:28 p.m., 3 views

jenkins: FilePath#mkdirs does not check permission to create parent directories

An incorrect permissions validation vulnerability was found in Jenkins. FilePath#mkdirs does not check permission to create parent directories, which may allow an attacker who controls the agent process to read and write arbitrary files on the Jenkins controller file system...

CVSS 9.1, AI score 5.8, EPSS 0.00197
Exploits 0, References 5

RedHat Linux
added 2021/12/01 12:28 p.m., 3 views

jenkins: FilePath#listFiles lists files outside directories with agent read access when following symbolic links.

An incorrect permissions validation vulnerability was found in Jenkins. FilePath#listFiles lists files outside directories with agent read access when following symbolic links. This may allow an attacker to get access to restricted data...

CVSS 8.8, AI score 5.7, EPSS 0.00528
Exploits 0, References 5

BDU FSTEC
added 2021/12/01 12:00 a.m., 2 views

The vulnerability of the FilePath API implementation in the Jenkins automation server allows a hacker to execute arbitrary code.

The vulnerability of the FilePath API implementation in the Jenkins automation server relates to unlimited access to the libs/ directory. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...

CVSS 9.8, AI score 8.2, EPSS 0.00954
Exploits 0, References 5, Affected Software 2

RedHat Linux
added 2021/11/30 9:11 a.m., 3 views

jenkins: FilePath#listFiles lists files outside directories with agent read access when following symbolic links.

An incorrect permissions validation vulnerability was found in Jenkins. FilePath#listFiles lists files outside directories with agent read access when following symbolic links. This may allow an attacker to get access to restricted data...

CVSS 8.8, AI score 5.7, EPSS 0.00528
Exploits 0, References 5

RedHat Linux
added 2021/11/30 9:11 a.m., 1 view

jenkins: FilePath#reading(FileVisitor) does not reject any operations allowing users to have unrestricted read access

An incorrect access restriction vulnerability was found in Jenkins. FilePath#reading(FileVisitor) does not reject any operations, giving users unrestricted read access with certain operations creating archives, copyRecursiveTo. This may allow an attacker to get access to restricted data...

CVSS 7.5, AI score 5.7, EPSS 0.00352
Exploits 0, References 5

RedHat Linux
added 2021/11/29 10:40 a.m., 2 views

jenkins: FilePath#reading(FileVisitor) does not reject any operations allowing users to have unrestricted read access

An incorrect access restriction vulnerability was found in Jenkins. FilePath#reading(FileVisitor) does not reject any operations, giving users unrestricted read access with certain operations creating archives, copyRecursiveTo. This may allow an attacker to get access to restricted data...

CVSS 7.5, AI score 5.7, EPSS 0.00352
Exploits 0, References 5

RedHat Linux
added 2021/11/29 10:40 a.m., 1 view

jenkins: FilePath#listFiles lists files outside directories with agent read access when following symbolic links.

An incorrect permissions validation vulnerability was found in Jenkins. FilePath#listFiles lists files outside directories with agent read access when following symbolic links. This may allow an attacker to get access to restricted data...

CVSS 8.8, AI score 5.7, EPSS 0.00528
Exploits 0, References 5

RedHat Linux
added 2021/11/29 10:40 a.m., 1 view

jenkins: FilePath#mkdirs does not check permission to create parent directories

An incorrect permissions validation vulnerability was found in Jenkins. FilePath#mkdirs does not check permission to create parent directories, which may allow an attacker who controls the agent process to read and write arbitrary files on the Jenkins controller file system...

CVSS 9.1, AI score 5.8, EPSS 0.00197
Exploits 0, References 5

Cvelist
added 2021/11/11 9:45 p.m., 16 views

CVE-2021-3907 Arbitrary filepath traversal via URI injection

OctoRPKI does not escape a URI with a filename containing "..", this allows a repository to create a file, ex. rsync://example.org/repo/../../etc/cron.daily/evil.roa, which would then be written to disk outside the base cache folder. This could allow for remote code execution on the host machine...

CVSS 7.4, AI score 9.9, EPSS 0.01889
Exploits 0, References 4

OSV
added 2021/11/10 8:08 p.m., 16 views

GHSA-CQH2-VC2F-Q4FH Arbitrary filepath traversal via URI injection

OctoRPKI does not escape a URI with a filename containing "..", this allows a repository to create a file, ex. rsync://example.org/repo/../../etc/cron.daily/evil.roa, which would then be written to disk outside the base cache folder. This could allow for remote code execution on the host machine...

CVSS 7.4, AI score 9.7, EPSS 0.01889
Exploits 0, References 9

Github Security Blog
added 2021/11/10 8:08 p.m., 32 views

Arbitrary filepath traversal via URI injection

OctoRPKI does not escape a URI with a filename containing "..", this allows a repository to create a file, ex. rsync://example.org/repo/../../etc/cron.daily/evil.roa, which would then be written to disk outside the base cache folder. This could allow for remote code execution on the host machine...

CVSS 9.8, AI score 9.4, EPSS 0.01889
Exploits 0, References 9, Affected Software 1

CNVD
added 2021/11/08 12:00 a.m., 5 views

Jenkins Access Control Error Vulnerability (CNVD-2021-88718)

Jenkins is an open source application. The open source automation server Jenkins provides hundreds of plug-ins to support building, deploying and automating any project. Jenkins has an access control error vulnerability that stems from FilePath#unzip and FilePath#untar not being subject to...

CVSS 9.1, AI score 6.5, EPSS 0.01456
Exploits 0, References 1