4 matches found
Path traversal vulnerability in Jenkins agent names
Jenkins 2.274 and earlier, LTS 2.263.1 and earlier allows users with Agent/Configure permission to choose agent names that cause Jenkins to override unrelated config.xml files. If the global config.xml file is replaced, Jenkins will start up with unsafe legacy defaults after a restart. Jenkins...
CVE-2021-21605
CVE-2021-21605 is a path traversal vulnerability in Jenkins where users with Agent/Configure permission can select agent names that cause Jenkins to override unrelated global config.xml files. Public details show affected versions include Jenkins 2.274 and earlier, LTS 2.263.1 and earlier; fixed ...
PT-2021-14648 · Jenkins · Jenkins
Name of the Vulnerable Software and Affected Versions: Jenkins versions 2.274 and earlier, LTS versions 2.263.1 and earlier Description: The issue allows users with Agent/Configure permission to choose agent names that cause Jenkins to override the global config.xml file. If the global config.xml...
PT-2021-14646 · Jenkins · Jenkins
Name of the Vulnerable Software and Affected Versions: Jenkins versions 2.274 and earlier Jenkins LTS versions 2.263.1 and earlier Description: The issue results from the failure to escape notification bar response contents, leading to a cross-site scripting XSS vulnerability. This vulnerability...