Jenkins is a Jenkins open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins has an access control error vulnerability in versions 2.318 and earlier and LTS 2.303 and earlier, which stems from the use of the FilePath API without restricting the agent’s ability to read/write access to the libs/ directory in the build directory, allowing an attacker in control of the agent process to replace the trusted library’s code with a modified variant. An attacker could exploit this vulnerability to cause the execution of unpackaged code in the Jenkins controller process.
CPE | Name | Operator | Version |
---|---|---|---|
jenkins jenkins | le | 2.318 | |
jenkins jenkins lts | le | 2.303.2 |