Description

When creating temporary files, agent-to-controller access to create those files is only checked after they've been created in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier.

Remediation

References

CVE-2021-21693

Related Vulnerabilities

WordPress Plugin Photospace Responsive Gallery Unspecified Vulnerability (1.1.7)

WordPress Plugin External Links-nofollow, noopener & new window Cross-Site Request Forgery (2.57)

WordPress Plugin Pricing Table by Supsystic Cross-Site Request Forgery (1.8.0)

Pega Infinity Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2022-35656)

WordPress Plugin Email Subscribers by Icegram Express-Email Marketing, Newsletters, Automation for WordPress & WooCommerce Cross-Site Scripting (3.4.12)

Severity

Critical

Classification

CVE-2021-21693 CWE-285 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities