CVE-2021-21698

CWE-22 — Path Traversal6 documents6 sources

Severity

7.5HIGH

EPSS

3.7%

top 12.04%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Jenkins Project Jenkins Subversion Plugin Jenkins Subversion

Timeline

PublishedNov 4

Latest updateMay 24

Description

Jenkins Subversion Plugin 2.15.0 and earlier does not restrict the name of a file when looking up a subversion key file on the controller from an agent.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

▶Mavenorg.jenkins-ci.plugins:subversion< 2.15.1

▶CVEListV5jenkins_project/jenkins_subversion_pluginunspecified — 2.15.0

▶NVDjenkins/subversion2.15.0

🔴Vulnerability Details

GHSA

Path traversal vulnerability in Jenkins Subversion Plugin allows reading arbitrary files↗2022-05-24

▶

OSV

Path traversal vulnerability in Jenkins Subversion Plugin allows reading arbitrary files↗2022-05-24

▶

CVEList

CVE-2021-21698: Jenkins Subversion Plugin 2↗2021-11-04

▶

📋Vendor Advisories

Red Hat

jenkins-2-plugins/subversion: does not restrict the name of a file when looking up a subversion key↗2021-11-04

▶

Jenkins

Jenkins Security Advisory 2021-11-04↗2021-11-04

▶