3 matches found
CVE-2021-21647
CVE-2021-21647 affects Jenkins CloudBees CD Plugin 1.1.21 and earlier. The root cause is a missing permission check on an HTTP endpoint, which allows attackers with Item/Read permission to schedule builds for projects without having Item/Build permission. Documented impact is that unauthorized us...
CVE-2023-46654
CVE-2023-46654 affects Jenkins CloudBees CD Plugin 1.1.32 and earlier. The cleanup step “CloudBees CD - Publish Artifact” follows symbolic links to locations outside the expected directory, enabling an attacker who can configure jobs to delete arbitrary files on the Jenkins controller filesystem....
CVE-2023-46655
CVE-2023-46655 affects Jenkins CloudBees CD Plugin 1.1.32 and earlier, which, during the CloudBees CD - Publish Artifact post-build step, follows symbolic links to locations outside the published artifacts directory. This can allow attackers who can configure jobs to publish arbitrary files from ...