Description
The file browser in Jenkins 2.314 and earlier, and in LTS 2.303.1 and earlier, may interpret some file paths as absolute on Windows. This results in a path traversal vulnerability that allows attackers with Overall/Read permission (Windows controller) or Job/Workspace permission (Windows agents) to obtain the contents of arbitrary files.
Remediation
References