← Volver a CVEs
CVE-2021-21690
CRITICAL9.8
Descripcion
Agent processes are able to completely bypass file path filtering by wrapping the file operation in an agent file path in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier.
Detalles CVE
Puntuacion CVSS v3.19.8
SeveridadCRITICAL
Vector CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vector de ataqueNETWORK
ComplejidadLOW
Privilegios requeridosNONE
Interaccion usuarioNONE
Publicado11/4/2021
Ultima modificacion11/21/2024
Fuentenvd
Avistamientos honeypot0
Productos afectados
jenkins:jenkins
Debilidades (CWE)
CWE-22
Referencias
https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455(jenkinsci-cert@googlegroups.com)
https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455(af854a3a-2127-422b-91ae-364da2661108)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.