BIT-jenkins-2021-21690

See a problem?

Import Source

https://github.com/bitnami/vulndb/tree/main/data/jenkins/BIT-jenkins-2021-21690.json

JSON Data

https://api.osv.dev/v1/vulns/BIT-jenkins-2021-21690

Aliases

CVE-2021-21690
GHSA-97c3-w9cr-6qc2

Published

2024-03-06T11:00:16.369Z

Modified

2024-03-06T11:25:28.861Z

Summary

[none]

Details

Agent processes are able to completely bypass file path filtering by wrapping the file operation in an agent file path in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier.

References

https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455

Affected packages

Bitnami / jenkins

Package

Name: jenkins
Purl: pkg:bitnami/jenkins

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Affected ranges

Type: SEMVER
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.303.3

Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.319.0