Description

Jenkins 2.318 and earlier, LTS 2.303.2 and earlier allows any agent to read and write the contents of any build directory stored in Jenkins with very few restrictions.

Remediation

References

CVE-2021-21697

Related Vulnerabilities

Jenkins Improper Input Validation Vulnerability (CVE-2016-0789)

WordPress Plugin Limit Attempts by BestWebSoft Cross-Site Scripting (1.1.7)

WordPress Plugin MDTF-Wordpress Meta Data & Taxonomies Filter Cross-Site Request Forgery (2.2.7.2)

Squid Insufficient Verification of Data Authenticity Vulnerability (CVE-2016-4554)

Moodle Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2014-7835)

Severity

Critical

Classification

CVE-2021-21697 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Tags

Missing Update Known Vulnerabilities