Jenkins

Jenkins

268 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 2.08%
  • Veröffentlicht 04.11.2021 17:15:08
  • Zuletzt bearbeitet 21.11.2024 05:48:51

FilePath#listFiles lists files outside directories that agents are allowed to access when following symbolic links in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier.

  • EPSS 2.32%
  • Veröffentlicht 04.11.2021 17:15:08
  • Zuletzt bearbeitet 21.11.2024 05:48:51

Jenkins 2.318 and earlier, LTS 2.303.2 and earlier does not limit agent read/write access to the libs/ directory inside build directories when using the FilePath APIs, allowing attackers in control of agent processes to replace the code of a trusted ...

  • EPSS 1.55%
  • Veröffentlicht 04.11.2021 17:15:08
  • Zuletzt bearbeitet 21.11.2024 05:48:51

Jenkins 2.318 and earlier, LTS 2.303.2 and earlier allows any agent to read and write the contents of any build directory stored in Jenkins with very few restrictions.

  • EPSS 1.47%
  • Veröffentlicht 04.11.2021 17:15:07
  • Zuletzt bearbeitet 21.11.2024 05:48:49

Jenkins 2.318 and earlier, LTS 2.303.2 and earlier does not check agent-to-controller access to create parent directories in FilePath#mkdirs.

  • EPSS 0.97%
  • Veröffentlicht 06.10.2021 23:15:06
  • Zuletzt bearbeitet 21.11.2024 05:48:49

Jenkins 2.314 and earlier, LTS 2.303.1 and earlier accepts names of jobs and other entities with a trailing dot character, potentially replacing the configuration and data of other entities on Windows.

  • EPSS 2.1%
  • Veröffentlicht 06.10.2021 23:15:06
  • Zuletzt bearbeitet 21.11.2024 05:48:49

The file browser in Jenkins 2.314 and earlier, LTS 2.303.1 and earlier may interpret some paths to files as absolute on Windows, resulting in a path traversal vulnerability allowing attackers with Overall/Read permission (Windows controller) or Job/W...

  • EPSS 1.98%
  • Veröffentlicht 30.06.2021 17:15:08
  • Zuletzt bearbeitet 21.11.2024 05:48:48

Jenkins 2.299 and earlier, LTS 2.289.1 and earlier allows users to cancel queue items and abort builds of jobs for which they have Item/Cancel permission even when they do not have Item/Read permission.

  • EPSS 1.71%
  • Veröffentlicht 30.06.2021 17:15:08
  • Zuletzt bearbeitet 21.11.2024 05:48:48

Jenkins 2.299 and earlier, LTS 2.289.1 and earlier does not invalidate the previous session on login.

  • EPSS 1.91%
  • Veröffentlicht 07.04.2021 14:15:17
  • Zuletzt bearbeitet 21.11.2024 05:48:45

Jenkins 2.286 and earlier, LTS 2.277.1 and earlier does not properly check that a newly created view has an allowed name, allowing attackers with View/Create permission to create views with invalid or already-used names.

  • EPSS 2.73%
  • Veröffentlicht 07.04.2021 14:15:16
  • Zuletzt bearbeitet 21.11.2024 05:48:44

Jenkins 2.286 and earlier, LTS 2.277.1 and earlier does not validate the type of object created after loading the data submitted to the `config.xml` REST API endpoint of a node, allowing attackers with Computer/Configure permission to replace a node ...