463 matches found
CVE-2021-21694
FilePathtoURI, FilePathhasSymlink, FilePathabsolutize, FilePathisDescendant, and FilePathgetDiskSpace do not check any permissions in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier...
CVE-2021-21692
FilePathrenameTo and FilePathmoveAllChildrenTo in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier only check 'read' agent-to-controller access permission on the source path, instead of 'delete'...
CVE-2021-21688
The agent-to-controller security check FilePathreadingFileVisitor in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier does not reject any operations, allowing users to have unrestricted read access using certain operations creating archives, FilePathcopyRecursiveTo...
CVE-2021-21685
Jenkins 2.318 and earlier, LTS 2.303.2 and earlier does not check agent-to-controller access to create parent directories in FilePathmkdirs...
PT-2021-5428 · Jenkins · Jenkins
Name of the Vulnerable Software and Affected Versions: Jenkins versions 2.318 and earlier Jenkins LTS versions 2.303.2 and earlier Description: The issue is related to the absence of an authorization procedure in the Jenkins automation server. This can allow a remote attacker to impact the...
PT-2021-14728 · Jenkins · Jenkins
Name of the Vulnerable Software and Affected Versions: Jenkins versions 2.318 and earlier Jenkins LTS versions 2.303.2 and earlier Description: The issue concerns the creation of symbolic links when unarchiving a symbolic link in FilePathuntar. Specifically, it does not check agent-to-controller...
Jenkins 安全漏洞
Jenkins is a Jenkins open source application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins has a security vulnerability that stems from Jenkins 2.318 and earlier, LTS 2.303.2 and earlier in FilePath untar...
Jenkins 安全漏洞
Jenkins is a Jenkins open source application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying and automating any project. A security vulnerability exists in Jenkins that stems from an agent-to-controller security check FilePathreadingFileVisit...
Jenkins 后置链接漏洞
Jenkins is a Jenkins open source application. An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins suffers from a security vulnerability that stems from FilePath listFiles listing symbolic links in Jenkins 2.318 a...
PT-2021-4993 · Jenkins · Remoting Security Workaround Plugin +2
Name of the Vulnerable Software and Affected Versions: Jenkins versions 2.318 and earlier, LTS versions 2.303.2 and earlier Description: The issue is related to the implementation of the FilePath API in the Jenkins automation server, which does not limit agent read/write access to the libs/...
GHSA-4QWQ-Q4PR-RR7R Vulnerability in packageCmd function leads to arbitrary code execution via filePath parameters
aaptjs is a node wraper for aapt. An issue was discovered in the packageCmd function in shenzhim aaptjs 1.3.1, allows attackers to execute arbitrary code via the filePath parameters...
Vulnerability in packageCmd function leads to arbitrary code execution via filePath parameters
aaptjs is a node wraper for aapt. An issue was discovered in the packageCmd function in shenzhim aaptjs 1.3.1, allows attackers to execute arbitrary code via the filePath parameters...
Vulnerability in remove function leads to arbitrary code execution via filePath parameters
Aaptjs is a node wraper for aapt. An issue was discovered in the remove function in shenzhim aaptjs 1.3.1, allows attackers to execute arbitrary code via the filePath parameters...
Vulnerability in dump function leads to arbitrary code execution via filePath parameters
aaptjs is a node wraper for aapt. An issue was discovered in the dump function in shenzhim aaptjs 1.3.1, allows attackers to execute arbitrary code via the filePath parameters...
GHSA-R496-7HGP-53WF Vulnerability in dump function leads to arbitrary code execution via filePath parameters
aaptjs is a node wraper for aapt. An issue was discovered in the dump function in shenzhim aaptjs 1.3.1, allows attackers to execute arbitrary code via the filePath parameters...
GHSA-4G7X-7VGQ-3J28 Vulnerability in list function leads to arbitrary code execution via filePath parameters
aaptjs is a node wraper for aapt. An issue was discovered in the list function in shenzhim aaptjs 1.3.1, allows attackers to execute arbitrary code via the filePath parameters...
Vulnerability in list function leads to arbitrary code execution via filePath parameters
aaptjs is a node wraper for aapt. An issue was discovered in the list function in shenzhim aaptjs 1.3.1, allows attackers to execute arbitrary code via the filePath parameters...
GHSA-7FW7-GH23-F832 Vulnerability in singleCrunch function leads to arbitrary code execution via filePath parameters
aaptjs is a node wraper for aapt. An issue was discovered in the singleCrunch function in shenzhim aaptjs 1.3.1, allows attackers to execute arbitrary code via the filePath parameters...
Vulnerability in singleCrunch function leads to arbitrary code execution via filePath parameters
aaptjs is a node wraper for aapt. An issue was discovered in the singleCrunch function in shenzhim aaptjs 1.3.1, allows attackers to execute arbitrary code via the filePath parameters...
Vulnerability in crunch function leads to arbitrary code execution via filePath parameters
aaptjs is a node wraper for aapt. An issue was discovered in the crunch function in shenzhim aaptjs 1.3.1, allows attackers to execute arbitrary code via the filePath parameters...