CVE-2021-21696
Published: 2021-11-04
Priority: P358, critical, 9.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 2.32% (81.3th percentile)
Jenkins 2.318 and earlier, LTS 2.303.2 and earlier does not limit agent read/write access to the libs/ directory inside build directories when using the FilePath APIs, allowing attackers in control of agent processes to replace the code of a trusted library with a modified variant. This results in unsandboxed code execution in the Jenkins controller process.
Affected
10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| jenkins | jenkins | <= 2.303.2 | — |
| jenkins | jenkins | <= 2.318 | — |
| jenkins | jenkins_core | — | — |
| jenkins | jenkins_lts | — | — |
| jenkins | jenkins_weekly | — | — |
| jenkins | make_sure_to_read_the_plugin | — | — |
| jenkins | remoting_security_workaround_plugin | — | — |
| jenkins | shared_groovy_libraries_plugin | — | — |
| jenkins | subversion_plugin | — | — |
| jenkins_project | jenkins | unspecified – 2.318 | — |
CVSS provenance
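| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| vendor_redhat | — | 9.8 | CRITICAL | — |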
OSV
Agent-to-controller access control allowed writing to sensitive directory used by Jenkins Pipeline: Shared Groovy Libraries Plugin
osv·2022-05-24
CVE-2021-21696 [HIGH] Agent-to-controller access control allowed writing to sensitive directory used by Jenkins Pipeline: Shared Groovy Libraries Plugin
Jenkins 2.318 and earlier, LTS 2.303.2 and earlier does not limit agent read/write access to the `libs/` directory inside build directories when using the `FilePath` APIs. This directory is used by the Pipeline: Shared Groovy Libraries Plugin to store copies of shared libraries.
This allows attackers in control of agent processes to replace the code of a trusted library with a modified variant, resulting in unsandboxed code execution in the Jenkins controller process.
Jenkins 2.319, LTS 2.303.3 prohibits agent read/write access to the `libs/` directory inside build directories.
If you are unable to immediately upgrade to Jenkins 2.319, LTS 2.303.3, you can
GHSA
Agent-to-controller access control allowed writing to sensitive directory used by Jenkins Pipeline: Shared Groovy Libraries Plugin
ghsa·2022-05-24
CVE-2021-21696 [HIGH] CWE-693 Agent-to-controller access control allowed writing to sensitive directory used by Jenkins Pipeline: Shared Groovy Libraries Plugin
Jenkins 2.318 and earlier, LTS 2.303.2 and earlier does not limit agent read/write access to the `libs/` directory inside build directories when using the `FilePath` APIs. This directory is used by the Pipeline: Shared Groovy Libraries Plugin to store copies of shared libraries.
This allows attackers in control of agent processes to replace the code of a trusted library with a modified variant, resulting in unsandboxed code execution in the Jenkins controller process.
Jenkins 2.319, LTS 2.303.3 prohibits agent read/write access to the `libs/` directory inside build directories.
If you are unable to immediately upgrade to Jenkins 2.319, LTS 2.303.3, you can
GHSA
Username spoofing in OnionShare
ghsa·2022-01-21
CVE-2022-21696 [MEDIUM] CWE-20 Username spoofing in OnionShare
Between September 26, 2021 and October 8, 2021, [Radically Open Security](https://www.radicallyopensecurity.com/) conducted a penetration test of OnionShare 2.4, funded by the Open Technology Fund's [Red Team lab](https://www.opentech.fund/labs/red-team-lab/). This is an issue from that penetration test.
- Vulnerability ID: OTF-005
- Vulnerability type: Improper Input Sanitization
- Threat level: Low
## Description:
It is possible to change the username to that of another chat participant with an additional space character at the end of the name string.
## Technical description:
Assumed users in Chat:
- Alice
- Bob
- Mallory
1. Mallory renames to `Alice `.
2. Mallory sends message as `Alice `.
3. Alice and Bob receive a message from Mallory disguised
Jenkins
Jenkins Security Advisory 2021-11-04
vendor_jenkins·2021-11-04·CVSS 9.1
CVE-2021-21685 [CRITICAL] Jenkins Security Advisory 2021-11-04
This advisory announces vulnerabilities in the following Jenkins deliverables:
- Jenkins (core)
- Subversion Plugin
Descriptions
Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control
SECURITY-2455 / CVE-2021-21685, CVE-2021-216
Red Hat
jenkins: Agent-to-controller access control allowed writing to sensitive directory used by Pipeline: Shared Groovy Libraries Plugin
vendor_redhat·2021-11-04·CVSS 9.8
CVE-2021-21696 [CRITICAL] CWE-22 jenkins: Agent-to-controller access control allowed writing to sensitive directory used by Pipeline: Shared Groovy Libraries Plugin
Jenkins 2.318 and earlier, LTS 2.303.2 and earlier does not limit agent read/write access to the libs/ directory inside build directories when using the FilePath APIs, allowing attackers in control of agent processes to replace the code of a trusted library with a modified variant. This results in unsandboxed code execution in the Jenkins controller process.
An incorrect permissions validation vulnerability was found in Jenkins. An agent process read/write access to the libs/ directory inside build directories when using the FilePath APIs is not limited. This allows attackers in control of agent processes to replace the code of a trusted library with a modif
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2021-11-04