Home

CVE-2021-21690

Description

Agent processes are able to completely bypass file path filtering by wrapping the file operation in an agent file path in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier.

Risk Information

Base Score
9.8
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
0.504

Associated Vulnerability

VulnerabilityOS Platform
Multiple Vulnerabilities are affected in Jenkins 2.289.2Windows
Multiple vulnerabilities are fixed in Jenkins-Core 2.319Windows
Multiple vulnerabilities are fixed in Jenkins-Core 2.303.3Windows
Multiple vulnerabilities are fixed in Jenkins-Core for Linux 2.319Linux
Multiple vulnerabilities are fixed in Jenkins-Core for Linux 2.303.3Linux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234