CVE-2021-21692

CVSS v3.1 9.8 (Critical)

CVSS v2.0 7.5 (High)

EPSS 0.28 % (68^th)

Affected Products 1

Advisories 4

FilePath#renameTo and FilePath#moveAllChildrenTo in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier only check 'read' agent-to-controller access permission on the source path, instead of 'delete'.

Weaknesses

CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVE Status: PUBLISHED
CNA: Jenkins Project
Published Date: 2021-11-04 17:15:08
(2 years ago)
Updated Date: 2023-11-22 21:23:00
(10 months ago)

Affected Products

Jenkins

Jenkins

Configuration #1

		CPE23	From	Up To
	Jenkins prior 2.303.3 version	cpe:2.3:a:jenkins:jenkins::::*:lts		< 2.303.3
	Jenkins prior 2.319 version	cpe:2.3:a:jenkins:jenkins::::*:-		< 2.319