CVE-2021-21695
jenkins: FilePath#listFiles lists files outside directories with agent read access when following symbolic links.
Severity Score
Exploit Likelihood
Affected Versions
2Public Exploits
0Exploited in Wild
-Decision
Descriptions
FilePath#listFiles lists files outside directories that agents are allowed to access when following symbolic links in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier.
FilePath#listFiles lista los archivos fuera de los directorios a los que agentes pueden acceder cuando siguen enlaces simbólicos en Jenkins versiones 2.318 y anteriores, LTS versiones 2.303.2 y anteriores
An incorrect permissions validation vulnerability was found in Jenkins. The FilePath#listFiles lists files outside directories with agent read access when following symbolic links. This may allow an attacker to get access to restricted data.
Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.8.22. Issues addressed include a bypass vulnerability.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2021-01-04 CVE Reserved
- 2021-11-04 CVE Published
- 2024-08-03 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
- CWE-59: Improper Link Resolution Before File Access ('Link Following')
CAPEC
References (4)
| URL | Tag | Source |
|---|---|---|
| http://www.openwall.com/lists/oss-securit... | Mailing List |
|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|