Published: 26/01/2021 Updated: 25/10/2023

CVSS v2 Base Score: 3.5 | Impact Score: 2.9 | Exploitability Score: 6.8

CVSS v3 Base Score: 5.3 | Impact Score: 3.6 | Exploitability Score: 1.6

VMScore: 312

Vector: AV:N/AC:M/Au:S/C:P/I:N/A:N

Jenkins 2.275 and LTS 2.263.2 allows reading arbitrary files using the file browser for workspaces and archived artifacts due to a time-of-check to time-of-use (TOCTOU) race condition.

Vulnerable Product	Search on Vulmon	Subscribe to Product
jenkins jenkins

Synopsis Important: OpenShift Container Platform 4617 security and packages update Type/Severity Security Advisory: Important Topic Red Hat OpenShift Container Platform release 4617 is now available withupdates to packages and images that fix several bugsThis release includes a security update for Red ...

Due to a time-of-check to time-of-use (TOCTOU) race condition, the file browser for workspaces, archived artifacts, and $JENKINS_HOME/userContent/ follows symbolic links to locations outside the directory being browsed in Jenkins 2275 and LTS 22632 This allows attackers with Job/Workspace permission and the ability to control workspace contents ...

oss-sec mailing list archives   By Date By Thread </form>    Vulnerability in Jenkins   From: Daniel Beck <ml () beckweb net> D ...

CWE-367 https://www.jenkins.io/security/advisory/2021-01-26/#SECURITY-2197 http://www.openwall.com/lists/oss-security/2021/01/26/2 https://access.redhat.com/errata/RHSA-2021:0423 https://nvd.nist.gov https://security.archlinux.org/CVE-2021-21615

CVE-2021-21615

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

Mailing Lists

References

Vulmon Search

About

Products

Connect