Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Jenkins Missing Authorization Vulnerability - CVE-2021-21688 - Vulnerability Database
Jenkins

Jenkins Missing Authorization Vulnerability - CVE-2021-21688

High
Reference: CVE-2021-21688
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2021-21688
Title: Jenkins Missing Authorization Vulnerability
Overview:

The agent-to-controller security check FilePathreading(FileVisitor) in Jenkins 2.318 and earlier LTS 2.303.2 and earlier does not reject any operations allowing users to have unrestricted read access using certain operations (creating archives FilePathcopyRecursiveTo).