Description

FilePath#renameTo and FilePath#moveAllChildrenTo in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier only check 'read' agent-to-controller access permission on the source path, instead of 'delete'.

Remediation

References

CVE-2021-21692

Related Vulnerabilities

WordPress Plugin Japanized For WooCommerce Cross-Site Scripting (2.5.6)

WordPress Plugin WP-Cal 'id' Parameter SQL Injection (0.3)

WordPress Plugin Google +1 by BestWebSoft Cross-Site Scripting (1.3.3)

WordPress Plugin ActiveCampaign-Forms, Site Tracking, Live Chat Unspecified Vulnerability (5.7)

WordPress Plugin Advanced Custom Fields:Table Field Cross-Site Scripting (1.1.12)

Severity

Critical

Classification

CVE-2021-21692 CWE-22 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities