CVE-2021-21602
Description
Jenkins 2.274 and earlier, LTS 2.263.1 and earlier allows reading arbitrary files using the file browser for workspaces and archived artifacts by following symlinks.
Risk Information
Base Score
6.5
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS Score
Exploitation Probability
1.393
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Multiple Vulnerabilities are affected in Jenkins 2.274 | Windows |
| Multiple vulnerabilities are fixed in Jenkins-Core 2.263.2 | Windows |
| Multiple vulnerabilities are fixed in Jenkins-Core 2.275 | Windows |
| Multiple vulnerabilities are fixed in Jenkins-Core for Linux 2.263.2 | Linux |
| Multiple vulnerabilities are fixed in Jenkins-Core for Linux 2.275 | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234