Description

Jenkins 2.318 and earlier, LTS 2.303.2 and earlier allows any agent to read and write the contents of any build directory stored in Jenkins with very few restrictions.

Remediation

References

CVE-2021-21697

Related Vulnerabilities

WordPress Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2014-5204)

phpMyFAQ Other Vulnerability (CVE-2005-0702)

MyBB Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2015-8974)

Jboss EAP CVE-2023-4061 Vulnerability (CVE-2023-4061)

WordPress Plugin PowerPack Lite for Beaver Builder Local File Inclusion (1.3.0.3)

Severity

Critical

Classification

CVE-2021-21697 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Tags

Missing Update Known Vulnerabilities