Description
FilePath#renameTo and FilePath#moveAllChildrenTo in Jenkins 2.318 and earlier, and LTS 2.303.2 and earlier, check only the 'read' agent-to-controller access permission on the source path, instead of 'delete'.
Remediation
References