Published: 13/01/2021 Updated: 25/10/2023

CVSS v2 Base Score: 4 | Impact Score: 2.9 | Exploitability Score: 8

CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8

VMScore: 356

Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N

Jenkins 2.274 and previous versions, LTS 2.263.1 and previous versions allows reading arbitrary files using the file browser for workspaces and archived artifacts by following symlinks.

Vulnerable Product	Search on Vulmon	Subscribe to Product
jenkins jenkins

Synopsis Important: OpenShift Container Platform 4617 security and packages update Type/Severity Security Advisory: Important Topic Red Hat OpenShift Container Platform release 4617 is now available withupdates to packages and images that fix several bugsThis release includes a security update for Red ...

A security issue was found in Jenkins before version 2275 The file browser for workspaces, archived artifacts, and $JENKINS_HOME/userContent/ follows symbolic links to locations outside the directory being browsed in Jenkins 2274 and earlier, LTS 22631 and earlier This allows attackers with Job/Workspace permission and the ability to control ...

CWE-59 https://www.jenkins.io/security/advisory/2021-01-13/#SECURITY-1452 https://access.redhat.com/errata/RHSA-2021:0423 https://nvd.nist.gov https://security.archlinux.org/CVE-2021-21602

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2021-21602

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect