Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
jenkins jenkins vulnerabilities and exploits
(subscribe to this query)
9.1
CVSSv3
CVE-2021-21685
Jenkins 2.318 and previous versions, LTS 2.303.2 and previous versions does not check agent-to-controller access to create parent directories in FilePath#mkdirs.
Jenkins Jenkins
9.1
CVSSv3
CVE-2021-21687
Jenkins 2.318 and previous versions, LTS 2.303.2 and previous versions does not check agent-to-controller access to create symbolic links when unarchiving a symbolic link in FilePath#untar.
Jenkins Jenkins
9.1
CVSSv3
CVE-2021-21689
FilePath#unzip and FilePath#untar were not subject to any agent-to-controller access control in Jenkins 2.318 and previous versions, LTS 2.303.2 and previous versions.
Jenkins Jenkins
9.8
CVSSv3
CVE-2021-21690
Agent processes are able to completely bypass file path filtering by wrapping the file operation in an agent file path in Jenkins 2.318 and previous versions, LTS 2.303.2 and previous versions.
Jenkins Jenkins
9.8
CVSSv3
CVE-2021-21691
Creating symbolic links is possible without the 'symlink' agent-to-controller access control permission in Jenkins 2.318 and previous versions, LTS 2.303.2 and previous versions.
Jenkins Jenkins
9.8
CVSSv3
CVE-2021-21692
FilePath#renameTo and FilePath#moveAllChildrenTo in Jenkins 2.318 and previous versions, LTS 2.303.2 and previous versions only check 'read' agent-to-controller access permission on the source path, instead of 'delete'.
Jenkins Jenkins
9.8
CVSSv3
CVE-2021-21693
When creating temporary files, agent-to-controller access to create those files is only checked after they've been created in Jenkins 2.318 and previous versions, LTS 2.303.2 and previous versions.
Jenkins Jenkins
8.8
CVSSv3
CVE-2021-21695
FilePath#listFiles lists files outside directories that agents are allowed to access when following symbolic links in Jenkins 2.318 and previous versions, LTS 2.303.2 and previous versions.
Jenkins Jenkins
9.8
CVSSv3
CVE-2021-21696
Jenkins 2.318 and previous versions, LTS 2.303.2 and previous versions does not limit agent read/write access to the libs/ directory inside build directories when using the FilePath APIs, allowing attackers in control of agent processes to replace the code of a trusted library wi...
Jenkins Jenkins
9.1
CVSSv3
CVE-2021-21697
Jenkins 2.318 and previous versions, LTS 2.303.2 and previous versions allows any agent to read and write the contents of any build directory stored in Jenkins with very few restrictions.
Jenkins Jenkins
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3380
CVE-2024-1694
local file inclusion
CVE-2024-5645
CVE-2024-24919
XSS
CVE-2024-36774
CVE-2024-21306
SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
10
NEXT »