CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-21698 – jenkins-2-plugins/subversion: does not restrict the name of a file when looking up a subversion key
https://notcve.org/view.php?id=CVE-2021-21698
Jenkins Subversion Plugin 2.15.0 and earlier does not restrict the name of a file when looking up a subversion key file on the controller from an agent. Jenkins Subversion Plugin versiones 2.15.0 y anteriores, no restringe el nombre de un archivo cuando es buscado un archivo de claves de subversión en el controlador desde un agente An incorrect access restriction vulnerability was found in the Subversion Plugin for Jenkins. An agent's ability to learn the name of a file is not restricted when looking up a subversion key file on the controller. This may allow attackers to control agent processes and read arbitrary files on the Jenkins controller file system. • http://www.openwall.com/lists/oss-security/2021/11/04/3 https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2506 https://access.redhat.com/security/cve/CVE-2021-21698 https://bugzilla.redhat.com/show_bug.cgi?id=2020385 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.1EPSS: 0%CPEs: 2EXPL: 0CVE-2021-21697 – jenkins: Agent-to-controller access control allows reading/writing most content of build directories
https://notcve.org/view.php?id=CVE-2021-21697
Jenkins 2.318 and earlier, LTS 2.303.2 and earlier allows any agent to read and write the contents of any build directory stored in Jenkins with very few restrictions. Jenkins versiones 2.318 y anteriores, LTS versiones 2.303.2 y anteriores, permiten a cualquier agente leer y escribir el contenido de cualquier directorio de construcción almacenado en Jenkins con muy pocas restricciones An incorrect access restriction vulnerability was found in Jenkins. The directories agents are allowed to access include the directories where there are stored build-related information intended to allow agents to store build-related metadata during build execution. As a consequence, this allows an attacker who controls agent process to read and write the contents of any build directory stored in Jenkins with very few restrictions (build.xml and some Pipeline-related metadata). • http://www.openwall.com/lists/oss-security/2021/11/04/3 https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2428 https://access.redhat.com/security/cve/CVE-2021-21697 https://bugzilla.redhat.com/show_bug.cgi?id=2020345 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2021-21696 – jenkins: Agent-to-controller access control allowed writing to sensitive directory used by Pipeline: Shared Groovy Libraries Plugin
https://notcve.org/view.php?id=CVE-2021-21696
Jenkins 2.318 and earlier, LTS 2.303.2 and earlier does not limit agent read/write access to the libs/ directory inside build directories when using the FilePath APIs, allowing attackers in control of agent processes to replace the code of a trusted library with a modified variant. This results in unsandboxed code execution in the Jenkins controller process. Jenkins versiones 2.318 y anteriores, LTS versiones 2.303.2 y anteriores, no limitan el acceso de lectura/escritura del agente al directorio libs/ dentro de los directorios de construcción cuando son utilizadas las APIs FilePath, permitiendo a atacantes que controlan los procesos del agente reemplazar el código de una biblioteca confiable con una variante modificada. Esto resulta en una ejecución de código sin sandbox en el proceso del controlador de Jenkins An incorrect permissions validation vulnerability was found in Jenkins. An agent process read/write access to the libs/ directory inside build directories when using the FilePath APIs is not limited. • http://www.openwall.com/lists/oss-security/2021/11/04/3 https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2423 https://access.redhat.com/security/cve/CVE-2021-21696 https://bugzilla.redhat.com/show_bug.cgi?id=2020344 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 0CVE-2021-21695 – jenkins: FilePath#listFiles lists files outside directories with agent read access when following symbolic links.
https://notcve.org/view.php?id=CVE-2021-21695
FilePath#listFiles lists files outside directories that agents are allowed to access when following symbolic links in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier. FilePath#listFiles lista los archivos fuera de los directorios a los que agentes pueden acceder cuando siguen enlaces simbólicos en Jenkins versiones 2.318 y anteriores, LTS versiones 2.303.2 y anteriores An incorrect permissions validation vulnerability was found in Jenkins. The FilePath#listFiles lists files outside directories with agent read access when following symbolic links. This may allow an attacker to get access to restricted data. • http://www.openwall.com/lists/oss-security/2021/11/04/3 https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455 https://access.redhat.com/security/cve/CVE-2021-21695 https://bugzilla.redhat.com/show_bug.cgi?id=2020343 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2021-21694 – jenkins: FilePath#toURI, FilePath#hasSymlink, FilePath#absolutize, FilePath#isDescendant, and FilePath#get*DiskSpace do not check any permissions
https://notcve.org/view.php?id=CVE-2021-21694
FilePath#toURI, FilePath#hasSymlink, FilePath#absolutize, FilePath#isDescendant, and FilePath#get*DiskSpace do not check any permissions in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier. FilePath#toURI, FilePath#hasSymlink, FilePath#absolutize, FilePath#isDescendant, y FilePath#get*DiskSpace no comprueban ningún permiso en Jenkins versiones 2.318 y anteriores, LTS versiones 2.303.2 y anteriores An incorrect permissions validation vulnerability was found in Jenkins. The FilePath#toURI, FilePath#hasSymlink, FilePath#absolutize, FilePath#isDescendant, and FilePath#get*DiskSpace do not check any permissions, which may allow an attacker who has access to any of these operations to be able to read and write arbitrary files on the Jenkins controller file system. • https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455 https://access.redhat.com/security/cve/CVE-2021-21694 https://bugzilla.redhat.com/show_bug.cgi?id=2020342 • CWE-862: Missing Authorization CWE-863: Incorrect Authorization •