2 matches found
jenkins: Arbitrary file existence check in file fingerprints
Jenkins 2.274 and earlier, LTS 2.263.1 and earlier improperly validates the format of a provided fingerprint ID when checking for its existence allowing an attacker to check for the existence of XML files with a short path...
PT-2021-14649 · Jenkins · Jenkins
Name of the Vulnerable Software and Affected Versions: Jenkins versions 2.274 and earlier Jenkins LTS versions 2.263.1 and earlier Description: The issue arises from improper validation of the format of a provided fingerprint ID when checking for its existence. This allows an attacker to check fo...