CVE-2021-21698
published 2021-11-04CVE-2021-21698: Jenkins Subversion Plugin 2.15.0 and earlier does not restrict the name of a file when looking up a subversion key file on the controller from an agent.
high7.5CVSS 3.1
AVNACLPRNUINSUCHINAN
Jenkins Subversion Plugin 2.15.0 and earlier does not restrict the name of a file when looking up a subversion key file on the controller from an agent.
Affected
9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| jenkins | jenkins_core | — | — |
| jenkins | jenkins_lts | — | — |
| jenkins | jenkins_weekly | — | — |
| jenkins | make_sure_to_read_the_plugin | — | — |
| jenkins | remoting_security_workaround_plugin | — | — |
| jenkins | shared_groovy_libraries_plugin | — | — |
| jenkins | subversion | <= 2.15.0 | — |
| jenkins | subversion_plugin | — | — |
| jenkins_project | jenkins_subversion_plugin | unspecified – 2.15.0 | — |