Description

Jenkins 2.318 and earlier, LTS 2.303.2 and earlier allows any agent to read and write the contents of any build directory stored in Jenkins with very few restrictions.

Remediation

References

http://www.openwall.com/lists/oss-security/2021/11/04/3

https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2428

Related Vulnerabilities

CVE-2023-37953 Vulnerability in maven package com.mabl.integration.jenkins:mabl-integration

CVE-2023-24998 Vulnerability in maven package commons-fileupload:commons-fileupload

CVE-2022-21144 Vulnerability in npm package libxmljs

CVE-2022-39944 Vulnerability in maven package org.apache.linkis:linkis-engineplugin-jdbc

CVE-2021-27905 Vulnerability in maven package org.apache.solr:solr-core

Severity

Critical

Classification

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Tags

Mailing List Third Party Advisory Patch Vendor Advisory NVD-CWE-Other