Jenkins

Jenkins

268 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 1.78%
  • Veröffentlicht 12.01.2022 20:15:08
  • Zuletzt bearbeitet 21.11.2024 06:43:09

A cross-site request forgery (CSRF) vulnerability in Jenkins 2.329 and earlier, LTS 2.319.1 and earlier allows attackers to trigger build of job without parameters when no security realm is set.

  • EPSS 1.91%
  • Veröffentlicht 04.11.2021 17:15:08
  • Zuletzt bearbeitet 21.11.2024 05:48:50

File path filters in the agent-to-controller security subsystem of Jenkins 2.318 and earlier, LTS 2.303.2 and earlier do not canonicalize paths, allowing operations to follow symbolic links to outside allowed directories.

  • EPSS 1.34%
  • Veröffentlicht 04.11.2021 17:15:08
  • Zuletzt bearbeitet 21.11.2024 05:48:50

Jenkins 2.318 and earlier, LTS 2.303.2 and earlier does not check agent-to-controller access to create symbolic links when unarchiving a symbolic link in FilePath#untar.

  • EPSS 1.33%
  • Veröffentlicht 04.11.2021 17:15:08
  • Zuletzt bearbeitet 21.11.2024 05:48:50

The agent-to-controller security check FilePath#reading(FileVisitor) in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier does not reject any operations, allowing users to have unrestricted read access using certain operations (creating archives, Fi...

  • EPSS 1.42%
  • Veröffentlicht 04.11.2021 17:15:08
  • Zuletzt bearbeitet 21.11.2024 05:48:50

FilePath#unzip and FilePath#untar were not subject to any agent-to-controller access control in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier.

  • EPSS 2.45%
  • Veröffentlicht 04.11.2021 17:15:08
  • Zuletzt bearbeitet 21.11.2024 05:48:50

Agent processes are able to completely bypass file path filtering by wrapping the file operation in an agent file path in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier.

  • EPSS 2.03%
  • Veröffentlicht 04.11.2021 17:15:08
  • Zuletzt bearbeitet 21.11.2024 05:48:50

Creating symbolic links is possible without the 'symlink' agent-to-controller access control permission in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier.

  • EPSS 2.03%
  • Veröffentlicht 04.11.2021 17:15:08
  • Zuletzt bearbeitet 21.11.2024 05:48:50

FilePath#renameTo and FilePath#moveAllChildrenTo in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier only check 'read' agent-to-controller access permission on the source path, instead of 'delete'.

  • EPSS 1.51%
  • Veröffentlicht 04.11.2021 17:15:08
  • Zuletzt bearbeitet 21.11.2024 05:48:50

When creating temporary files, agent-to-controller access to create those files is only checked after they've been created in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier.

  • EPSS 1.51%
  • Veröffentlicht 04.11.2021 17:15:08
  • Zuletzt bearbeitet 21.11.2024 05:48:50

FilePath#toURI, FilePath#hasSymlink, FilePath#absolutize, FilePath#isDescendant, and FilePath#get*DiskSpace do not check any permissions in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier.