Description

Agent processes are able to completely bypass file path filtering by wrapping the file operation in an agent file path in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier.

Remediation

References

https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455

Related Vulnerabilities

CVE-2018-1000193 Vulnerability in maven package org.jenkins-ci.main:jenkins-core

CVE-2021-21605 Vulnerability in maven package org.jenkins-ci.main:jenkins-core

CVE-2013-4590 Vulnerability in maven package org.apache.tomcat:catalina-ant

CVE-2023-45135 Vulnerability in maven package org.xwiki.platform:xwiki-platform-flamingo-skin-resources

CVE-2022-33140 Vulnerability in maven package org.apache.nifi:nifi

Severity

Critical

Classification

CWE-22 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Vendor Advisory