
465 matches found

Github Security Blog
added 2021/11/10 8:08 p.m.

Arbitrary filepath traversal via URI injection

OctoRPKI does not escape a URI whose filename contains "..", which allows a repository to create a file, e.g. rsync://example.org/repo/../../etc/cron.daily/evil.roa, that would then be written to disk outside the base cache folder. This could allow for remote code execution on the host machine...

CVSS 9.8, AI score 9.4, EPSS 0.04065
Exploits 0, References 9, Affected software 1
CNVD
added 2021/11/08 12:00 a.m.

Jenkins Access Control Error Vulnerability (CNVD-2021-88718)

Jenkins is an open source application. Jenkins, an open source automation server, provides hundreds of plug-ins to support building, deploying and automating any project. Jenkins has an access control error vulnerability that stems from FilePath#unzip and FilePath#untar not being subject to...

CVSS 9.1, AI score 6.5, EPSS 0.01416
Exploits 0, References 1
CNVD
added 2021/11/08 12:00 a.m.

Jenkins Unauthorized Access Vulnerability

Jenkins is an open source application. Jenkins, an open source automation server, provides hundreds of plugins to support building, deploying, and automating any project. Jenkins suffers from a security vulnerability that stems from FilePath#listFiles following symbolic links in Jenkins 2.318 a...

CVSS 8.8, AI score 1.4, EPSS 0.02076
Exploits 0, References 1
CNVD
added 2021/11/08 12:00 a.m.

Jenkins has an unspecified vulnerability (CNVD-2021-88722)

Jenkins is an open source application. Jenkins, an open source automation server, provides hundreds of plugins to support building, deploying, and automating any project. Jenkins 2.318 and earlier and LTS 2.303 and earlier have a security vulnerability that stems from the...

CVSS 9.8, AI score 0.8, EPSS 0.01505
Exploits 0, References 1
CNVD
added 2021/11/06 12:00 a.m.

Jenkins Access Control Error Vulnerability (CNVD-2021-103366)

Jenkins is an open source automation server that provides hundreds of plugins to support building, deploying, and automating any project. Jenkins has an access control error vulnerability in versions 2.318 and earlier and LTS 2.303 and earlier, which stems from the use of the FilePath AP...

CVSS 9.8, AI score 2.2, EPSS 0.0232
Exploits 0, References 1
NVD
added 2021/11/04 5:15 p.m.

CVE-2021-21689

FilePath#unzip and FilePath#untar were not subject to any agent-to-controller access control in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier...

CVSS 9.1, EPSS 0.01416
Exploits 0, References 1
OSV
added 2021/11/04 5:15 p.m.

CVE-2021-21694

FilePath#toURI, FilePath#hasSymlink, FilePath#absolutize, FilePath#isDescendant, and FilePath#getDiskSpace do not check any permissions in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier...

CVSS 9.8, AI score 6.6
Exploits 0, References 1
OSV
added 2021/11/04 5:15 p.m.

CVE-2021-21688

The agent-to-controller security check FilePath#reading(FileVisitor) in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier does not reject any operations, allowing users to have unrestricted read access using certain operations (creating archives, FilePath#copyRecursiveTo...

CVSS 7.5, AI score 6.4
Exploits 0, References 1
NVD
added 2021/11/04 5:15 p.m.

CVE-2021-21685

Jenkins 2.318 and earlier, LTS 2.303.2 and earlier does not check agent-to-controller access to create parent directories in FilePath#mkdirs...

CVSS 9.1, EPSS 0.01469
Exploits 0, References 2
OSV
added 2021/11/04 5:15 p.m.

CVE-2021-21685

Jenkins 2.318 and earlier, LTS 2.303.2 and earlier does not check agent-to-controller access to create parent directories in FilePath#mkdirs...

CVSS 9.1, AI score 6.5
Exploits 0, References 2
Prion
added 2021/11/04 5:15 p.m.

Design/Logic Flaw

FilePath#listFiles lists files outside directories that agents are allowed to access when following symbolic links in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier...

CVSS 6.8, AI score 8.9, EPSS 0.02076
Exploits 0, References 2, Affected software 1
Prion
added 2021/11/04 5:15 p.m.

Code injection

Jenkins 2.318 and earlier, LTS 2.303.2 and earlier does not limit agent read/write access to the libs/ directory inside build directories when using the FilePath APIs, allowing attackers in control of agent processes to replace the code of a trusted library with a modified variant. This results i...

CVSS 7.5, AI score 9.4, EPSS 0.0232
Exploits 0, References 2, Affected software 1
Prion
added 2021/11/04 5:15 p.m.

Design/Logic Flaw

The agent-to-controller security check FilePath#reading(FileVisitor) in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier does not reject any operations, allowing users to have unrestricted read access using certain operations (creating archives, FilePath#copyRecursiveTo...

CVSS 5, AI score 8, EPSS 0.01327
Exploits 0, References 1, Affected software 1
Prion
added 2021/11/04 5:15 p.m.

Design/Logic Flaw

Jenkins 2.318 and earlier, LTS 2.303.2 and earlier does not check agent-to-controller access to create parent directories in FilePath#mkdirs...

CVSS 6.4, AI score 9.1, EPSS 0.01469
Exploits 0, References 2, Affected software 1
Prion
added 2021/11/04 5:15 p.m.

Server side request forgery (ssrf)

FilePath#unzip and FilePath#untar were not subject to any agent-to-controller access control in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier...

CVSS 6.4, AI score 9.2, EPSS 0.01416
Exploits 0, References 1, Affected software 1
AlpineLinux
added 2021/11/04 5:15 p.m.

CVE-2021-21694

FilePath#toURI, FilePath#hasSymlink, FilePath#absolutize, FilePath#isDescendant, and FilePath#getDiskSpace do not check any permissions in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier...

CVSS 9.8, AI score 9.1, EPSS 0.01505
Exploits 0
AlpineLinux
added 2021/11/04 5:15 p.m.

CVE-2021-21692

FilePath#renameTo and FilePath#moveAllChildrenTo in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier only check 'read' agent-to-controller access permission on the source path, instead of 'delete'...

CVSS 9.8, AI score 9, EPSS 0.02034
Exploits 0
AlpineLinux
added 2021/11/04 5:15 p.m.

CVE-2021-21696

Jenkins 2.318 and earlier, LTS 2.303.2 and earlier does not limit agent read/write access to the libs/ directory inside build directories when using the FilePath APIs, allowing attackers in control of agent processes to replace the code of a trusted library with a modified variant. This results i...

CVSS 9.8, AI score 9.3, EPSS 0.0232
Exploits 0
RedhatCVE
added 2021/11/04 4:52 p.m.

CVE-2021-21695

An incorrect permissions validation vulnerability was found in Jenkins. FilePath#listFiles lists files outside directories with agent read access when following symbolic links. This may allow an attacker to get access to restricted data. Mitigation: Red Hat has investigated whether a possible...

CVSS 9, AI score 8.5, EPSS 0.02076
Exploits 0, References 4
RedhatCVE
added 2021/11/04 4:52 p.m.

CVE-2021-21696

An incorrect permissions validation vulnerability was found in Jenkins. An agent process's read/write access to the libs/ directory inside build directories is not limited when using the FilePath APIs. This allows attackers in control of agent processes to replace the code of a trusted library with...

CVSS 9.8, AI score 9.2, EPSS 0.0232
Exploits 0, References 4