FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

jenkins -- multiple vulnerabilities

Affected packages
jenkins < 2.319
jenkins-lts < 2.303.3

Details

VuXML ID 2bf56269-90f8-4a82-b82f-c0e289f2a0dc
Discovery 2021-11-04
Entry 2021-11-04

Jenkins Security Advisory:

Description

(Critical) SECURITY-2455 / CVE-2021-21685, CVE-2021-21686, CVE-2021-21687, CVE-2021-21688, CVE-2021-21689, CVE-2021-21690, CVE-2021-21691, CVE-2021-21692, CVE-2021-21693, CVE-2021-21694, CVE-2021-21695

Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control

(High) SECURITY-2423 / CVE-2021-21696

Agent-to-controller access control allowed writing to sensitive directory used by Pipeline: Shared Groovy Libraries Plugin

(High) SECURITY-2428 / CVE-2021-21697

Agent-to-controller access control allows reading/writing most content of build directories

(Medium) SECURITY-2506 / CVE-2021-21698

Path traversal vulnerability in Subversion Plugin allows reading arbitrary files

[source]

References

CVE Name CVE-2021-21685
CVE Name CVE-2021-21686
CVE Name CVE-2021-21687
CVE Name CVE-2021-21688
CVE Name CVE-2021-21689
CVE Name CVE-2021-21690
CVE Name CVE-2021-21691
CVE Name CVE-2021-21692
CVE Name CVE-2021-21693
CVE Name CVE-2021-21694
CVE Name CVE-2021-21695
CVE Name CVE-2021-21696
CVE Name CVE-2021-21697
CVE Name CVE-2021-21698
URL https://www.jenkins.io/security/advisory/2021-11-04/

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.