Description
FilePath#renameTo and FilePath#moveAllChildrenTo in Jenkins 2.318 and earlier, and LTS 2.303.2 and earlier, check only the 'read' agent-to-controller access permission on the source path, instead of 'delete'.
Remediation
References