CVE-2021-21688
Published: 2021-11-04
Priority: P3 · 42 · high
CVSS 3.1: 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
EPSS: 1.33% (67.4th percentile)
The agent-to-controller security check FilePath#reading(FileVisitor) in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier does not reject any operations, allowing users to have unrestricted read access using certain operations (creating archives, FilePath#copyRecursiveTo).
Affected (10 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| jenkins | jenkins | < 2.303.3 | 2.303.3 |
| jenkins | jenkins | < 2.319 | 2.319 |
| jenkins | jenkins_core | — | — |
| jenkins | jenkins_lts | — | — |
| jenkins | jenkins_weekly | — | — |
| jenkins | make_sure_to_read_the_plugin | — | — |
| jenkins | remoting_security_workaround_plugin | — | — |
| jenkins | shared_groovy_libraries_plugin | — | — |
| jenkins | subversion_plugin | — | — |
| jenkins_project | jenkins | unspecified – 2.318 | — |
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
| nvd | 2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |
| ghsa | — | 7.5 | HIGH | — |
| osv | — | 7.5 | HIGH | — |
| vendor_redhat | — | 7.5 | HIGH | — |
Red Hat
vendor_redhat · 2021-11-04 · CVSS 7.5
CVE-2021-21688 [HIGH] CWE-22 jenkins: FilePath#reading(FileVisitor) does not reject any operations allowing users to have unrestricted read access
An incorrect access restriction vulnerability was found in Jenkins. FilePath#reading(FileVisitor) does not reject any operations, giving users unrestricted read access through certain operations (creating archives, #copyRecursiveTo). This may allow an attacker to gain access to restricted data.
Mitigation: Red Hat has investigated whether a possible mitigation exists for this issue, and has not been ab
Jenkins
vendor_jenkins · 2021-11-04 · CVSS 9.1
CVE-2021-21685 [CRITICAL] Jenkins Security Advisory 2021-11-04
This advisory announces vulnerabilities in the following Jenkins deliverables:
- Jenkins (core)
- Subversion Plugin
Descriptions
Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control
SECURITY-2455 / CVE-2021-21685, CVE-2021-216
OSV
osv · 2022-05-24 · CVSS 7.5
CVE-2021-21688 [HIGH] Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins
The agent-to-controller security subsystem limits which files on the Jenkins controller can be accessed by agent processes.
Multiple vulnerabilities in the file path filtering implementation of Jenkins 2.318 and earlier, LTS 2.303.2 and earlier allow agent processes to read and write arbitrary files on the Jenkins controller file system, and obtain some information about Jenkins controller file systems.
SECURITY-2484 / CVE-2021-21688: `FilePath#reading(FileVisitor)` does not reject any operations, allowing users to have unrestricted read access using certain operations (creating archives, `#copyRecursiveTo`).
We expect that most of these vulnerabilities have been present since [SECU
GHSA
ghsa · 2022-05-24 · CVSS 7.5
CVE-2021-21688 [HIGH] CWE-862 Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.