
CVSS: 6.5 • EPSS: 0% • CPEs: 2 • EXPL: 0

13 Jan 2021 — Jenkins 2.274 and earlier, LTS 2.263.1 and earlier allows reading arbitrary files using the file browser for workspaces and archived artifacts by following symlinks. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-pre... • https://www.jenkins.io/security/advisory/2021-01-13/#SECURITY-1452 • CWE-59: Improper Link Resolution Before File Access ('Link Following')

CVSS: 5.4 • EPSS: 0% • CPEs: 2 • EXPL: 0

13 Jan 2021 — Jenkins 2.274 and earlier, LTS 2.263.1 and earlier does not escape notification bar response contents, resulting in a cross-site scripting (XSS) vulnerability. A flaw was found in Jenkins. A cross-site scripting (XSS) vulnerability is possible due to the contents of the notification bar responses not... • https://www.jenkins.io/security/advisory/2021-01-13/#SECURITY-1889 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')