Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

Related Vulnerabilities: CVE-2021-21696  

Jenkins before version 2.319 does not limit agent read/write access to the libs/ directory inside build directories when using the FilePath APIs. This directory is used by the "Pipeline: Shared Groovy Libraries" Plugin to store copies of shared libraries. This allows attackers in control of agent processes to replace the code of a trusted library with a modified variant, resulting in unsandboxed code execution in the Jenkins controller process. Jenkins 2.319 prohibits agent read/write access to the libs/ directory inside build directories.

Source
Severity High

Remote Yes

Type Sandbox escape

Description 

Jenkins before version 2.319 does not limit agent read/write access to the libs/ directory inside build directories when using the FilePath APIs. This directory is used by the "Pipeline: Shared Groovy Libraries" Plugin to store copies of shared libraries.

This allows attackers in control of agent processes to replace the code of a trusted library with a modified variant, resulting in unsandboxed code execution in the Jenkins controller process.

Jenkins 2.319 prohibits agent read/write access to the libs/ directory inside build directories.

AVG-2526 jenkins 2.318-1 Critical Vulnerable 

https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2423

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started