Description

Jenkins 2.318 and earlier, LTS 2.303.2 and earlier allows any agent to read and write the contents of any build directory stored in Jenkins with very few restrictions.

Remediation

References

https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2428

http://www.openwall.com/lists/oss-security/2021/11/04/3

Related Vulnerabilities

CVE-2021-39177 Vulnerability in maven package org.geysermc:connector

CVE-2023-26470 Vulnerability in maven package org.xwiki.platform:xwiki-platform-oldcore

CVE-2022-25878 Vulnerability in maven package org.webjars.npm:protobufjs

CVE-2021-44868 Vulnerability in maven package net.mingsoft:ms-mcms

CVE-2017-7525 Vulnerability in maven package com.fasterxml.jackson.core:jackson-databind

Severity

Critical

Classification

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Tags

Patch Vendor Advisory Mailing List Third Party Advisory NVD-CWE-Other