Description
Jenkins 2.318 and earlier, and LTS 2.303.2 and earlier, allow any agent to read and write the contents of any build directory stored in Jenkins with very few restrictions.
Remediation
References
http://www.openwall.com/lists/oss-security/2021/11/04/3
https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2428
Related Vulnerabilities
CVE-2018-1000407 Vulnerability in maven package org.jenkins-ci.main:jenkins-core
CVE-2019-5748 Vulnerability in maven package org.traccar:traccar
CVE-2019-10795 Vulnerability in maven package org.webjars.npm:undefsafe
CVE-2022-41918 Vulnerability in maven package org.opensearch.plugin:opensearch-security
CVE-2019-10374 Vulnerability in maven package org.jenkins-ci.plugins:pegdown-formatter