CVE-2021-21692
published 2021-11-04CVE-2021-21692: FilePath#renameTo and FilePath#moveAllChildrenTo in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier only check 'read' agent-to-controller access permission…
PriorityP351critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
2.03%
78.7th percentile
FilePath#renameTo and FilePath#moveAllChildrenTo in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier only check 'read' agent-to-controller access permission on the source path, instead of 'delete'.
Affected
10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| jenkins | jenkins | < 2.303.3 | 2.303.3 |
| jenkins | jenkins | < 2.319 | 2.319 |
| jenkins | jenkins_core | — | — |
| jenkins | jenkins_lts | — | — |
| jenkins | jenkins_weekly | — | — |
| jenkins | make_sure_to_read_the_plugin | — | — |
| jenkins | remoting_security_workaround_plugin | — | — |
| jenkins | shared_groovy_libraries_plugin | — | — |
| jenkins | subversion_plugin | — | — |
| jenkins_project | jenkins | unspecified – 2.318 | — |
CVSS provenance
nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
ghsa9.8CRITICAL
osv9.8CRITICAL
vendor_redhat9.8CRITICAL
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins
ghsa·2022-05-24·CVSS 9.8
CVE-2021-21692 [CRITICAL] CWE-22 Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins
Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins
The agent-to-controller security subsystem limits which files on the Jenkins controller can be accessed by agent processes.
Multiple vulnerabilities in the file path filtering implementation of Jenkins 2.318 and earlier, LTS 2.303.2 and earlier allow agent processes to read and write arbitrary files on the Jenkins controller file system, and obtain some information about Jenkins controller file systems.
SECURITY-2538 / CVE-2021-21692: The operations `FilePath#renameTo` and `FilePath#moveAllChildrenTo` only check read permission on the source path.
We expect that most of these vulnerabilities have been present since [SECURITY-144 was addressed in the 2014-10-30 security advisory](htt
OSV
Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins
osv·2022-05-24·CVSS 9.8
CVE-2021-21692 [CRITICAL] Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins
Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins
The agent-to-controller security subsystem limits which files on the Jenkins controller can be accessed by agent processes.
Multiple vulnerabilities in the file path filtering implementation of Jenkins 2.318 and earlier, LTS 2.303.2 and earlier allow agent processes to read and write arbitrary files on the Jenkins controller file system, and obtain some information about Jenkins controller file systems.
SECURITY-2538 / CVE-2021-21692: The operations `FilePath#renameTo` and `FilePath#moveAllChildrenTo` only check read permission on the source path.
We expect that most of these vulnerabilities have been present since [SECURITY-144 was addressed in the 2014-10-30 security advisory](htt
GHSA
Improper Access Control in Onionshare
ghsa·2022-01-21
CVE-2022-21692 [MEDIUM] CWE-287 Improper Access Control in Onionshare
Improper Access Control in Onionshare
Between September 26, 2021 and October 8, 2021, [Radically Open Security](https://www.radicallyopensecurity.com/) conducted a penetration test of OnionShare 2.4, funded by the Open Technology Fund's [Red Team lab](https://www.opentech.fund/labs/red-team-lab/). This is an issue from that penetration test.
- Vulnerability ID: OTF-003
- Vulnerability type: Improper Access Control
- Threat level: Moderate
## Description:
Anyone with access to the chat environment can write messages disguised as another chat participant.
## Technical description:
Prerequisites:
- Alice and Bob are legitimate users
- A third user has access to the chat environment
This screenshot shows Alice (`glimpse-depress`) and Bob (`blinker-doorpost`) joined a chatroom and are
Red Hat
jenkins: The operations FilePath#renameTo and FilePath#moveAllChildrenTo only check read permission on the source path
vendor_redhat·2021-11-04·CVSS 9.8
CVE-2021-21692 [CRITICAL] CWE-276 jenkins: The operations FilePath#renameTo and FilePath#moveAllChildrenTo only check read permission on the source path
jenkins: The operations FilePath#renameTo and FilePath#moveAllChildrenTo only check read permission on the source path
FilePath#renameTo and FilePath#moveAllChildrenTo in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier only check 'read' agent-to-controller access permission on the source path, instead of 'delete'.
An incorrect permissions validation vulnerability was found in Jenkins. The operations FilePath#renameTo and FilePath#moveAllChildrenTo only check read permission on the source path which may allow an attacker who has access to these operations to be able to read and write to arbitrary files on the Jenkins controller file system.
Mitigation: Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. P
Jenkins
Jenkins Security Advisory 2021-11-04
vendor_jenkins·2021-11-04·CVSS 9.1
CVE-2021-21685 [CRITICAL] Jenkins Security Advisory 2021-11-04
Title: Jenkins Security Advisory 2021-11-04
Jenkins Security Advisory 2021-11-04
Jenkins Security Home
For Administrators
Overview
Terminology
Vulnerabilities and Scoring
Security Advisories
Security Issues
Advisory Schedule
Vulnerabilities in Plugins
How We Fix Security Issues
For Reporters
Reporting Vulnerabilities
Jenkins CNA
For Maintainers
Overview
Vulnerabilities in Plugins
Jenkins Security Team
About
Contributions
This advisory announces vulnerabilities in the following Jenkins deliverables:
Jenkins (core)
Subversion
Plugin
Descriptions
Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control
SECURITY-2455
/
CVE-2021-21685, CVE-2021-216
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2021-11-04
Published