Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
freebsdFreeBSD2BF56269-90F8-4A82-B82F-C0E289F2A0DC
HistoryNov 04, 2021 - 12:00 a.m.

jenkins -- multiple vulnerabilities

2021-11-0400:00:00
vuxml.freebsd.org
23

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.003 Low

EPSS

Percentile

71.2%

JSON

Jenkins Security Advisory:

Description
(Critical) SECURITY-2455 / CVE-2021-21685, CVE-2021-21686, CVE-2021-21687, CVE-2021-21688, CVE-2021-21689, CVE-2021-21690, CVE-2021-21691, CVE-2021-21692, CVE-2021-21693, CVE-2021-21694, CVE-2021-21695
Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control
(High) SECURITY-2423 / CVE-2021-21696
Agent-to-controller access control allowed writing to sensitive directory used by Pipeline: Shared Groovy Libraries Plugin
(High) SECURITY-2428 / CVE-2021-21697
Agent-to-controller access control allows reading/writing most content of build directories
(Medium) SECURITY-2506 / CVE-2021-21698
Path traversal vulnerability in Subversion Plugin allows reading arbitrary files

OSVersionArchitecturePackageVersionFilename
FreeBSDanynoarchjenkins< 2.319UNKNOWN
FreeBSDanynoarchjenkins-lts< 2.303.3UNKNOWN

Related

nessus 8
openvas 2
archlinux 1
redhat 5
cve 14
prion 14
redhatcve 14
alpinelinux 13
veracode 13
osv 41
cnvd 8
cvelist 14
github 14
nvd 14
nessus
nessus
Jenkins LTS < 2.303.3 / Jenkins weekly < 2.319 Multiple Vulnerabilities
2021-11-04 00:00:00
FreeBSD : jenkins -- multiple vulnerabilities (2bf56269-90f8-4a82-b82f-c0e289f2a0dc)
2021-11-05 00:00:00
RHEL 8 : OpenShift Container Platform 4.7.38 (RHSA-2021:4801)
2021-12-02 00:00:00
openvas
openvas
Jenkins < 2.303.3, < 2.319 Multiple Vulnerabilities - Windows
2021-11-05 00:00:00
Jenkins < 2.303.3, < 2.319 Multiple Vulnerabilities - Linux
2021-11-05 00:00:00
archlinux
archlinux
[ASA-202111-1] jenkins: multiple issues
2021-11-05 00:00:00
redhat
redhat
(RHSA-2021:4833) Important: OpenShift Container Platform 4.9.9 security update
2021-11-29 10:28:11
(RHSA-2021:4801) Important: OpenShift Container Platform 4.7.38 security update
2021-12-01 12:16:32
(RHSA-2021:4799) Important: OpenShift Container Platform 4.6.51 packages and security update
2021-12-02 18:25:53
cve
cve
CVE-2021-21696
2021-11-04 17:15:08
CVE-2021-21687
2021-11-04 17:15:08
CVE-2021-21693
2021-11-04 17:15:08
prion
prion
Code injection
2021-11-04 17:15:00
Code injection
2021-11-04 17:15:00
Design/Logic Flaw
2021-11-04 17:15:00
redhatcve
redhatcve
CVE-2021-21696
2021-11-04 16:52:28
CVE-2021-21687
2021-11-04 16:52:21
CVE-2021-21691
2021-11-04 16:53:38
alpinelinux
alpinelinux
CVE-2021-21696
2021-11-04 17:15:00
CVE-2021-21695
2021-11-04 17:15:00
CVE-2021-21694
2021-11-04 17:15:00
veracode
veracode
Privilege Escalation
2021-12-08 00:41:03
Privilege Escalation
2021-12-08 00:40:57
Privilege Escalation
2021-12-04 00:41:06
osv
osv
Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins
2022-05-24 19:19:44
CVE-2021-21696
2021-11-04 17:15:08
Agent-to-controller access control allowed writing to sensitive directory used by Jenkins Pipeline: Shared Groovy Libraries Plugin
2022-05-24 19:19:43
cnvd
cnvd
Jenkins has an unspecified vulnerability (CNVD-2021-88719)
2021-11-08 00:00:00
Jenkins Access Control Error Vulnerability (CNVD-2021-103366)
2021-11-06 00:00:00
Jenkins has an unspecified vulnerability (CNVD-2021-88721)
2021-11-08 00:00:00
cvelist
cvelist
CVE-2021-21687
2021-11-04 16:30:27
CVE-2021-21696
2021-11-04 16:30:41
CVE-2021-21691
2021-11-04 16:30:33
github
github
Agent-to-controller access control allowed writing to sensitive directory used by Jenkins Pipeline: Shared Groovy Libraries Plugin
2022-05-24 19:19:43
Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins
2022-05-24 19:19:44
Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins
2022-05-24 19:19:44
nvd
nvd
CVE-2021-21686
2021-11-04 17:15:08
CVE-2021-21687
2021-11-04 17:15:08
CVE-2021-21695
2021-11-04 17:15:08

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.003 Low

EPSS

Percentile

71.2%

JSON
Related for 2BF56269-90F8-4A82-B82F-C0E289F2A0DC
nessus8openvas2archlinux1redhat5cve14prion14redhatcve14alpinelinux13veracode13osv41cnvd8cvelist14github14nvd14