Description
Jenkins 2.318 and earlier, and LTS 2.303.2 and earlier, allow any agent to read and write the contents of any build directory stored in Jenkins with very few restrictions.
Remediation
References
https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2428
http://www.openwall.com/lists/oss-security/2021/11/04/3
Related Vulnerabilities
CVE-2022-29237 Vulnerability in maven package org.opencastproject:opencast-ingest-service-impl
CVE-2020-7768 Vulnerability in npm package @grpc/grpc-js
CVE-2017-12617 Vulnerability in maven package org.apache.tomcat:catalina
CVE-2023-41327 Vulnerability in maven package org.wiremock:wiremock-webhooks-extension
CVE-2021-27582 Vulnerability in maven package org.mitre:openid-connect-server