Search
Total
17 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-8103 | 2 Jenkins, Redhat | 2 Jenkins, Openshift Container Platform | 2024-01-09 | 7.5 HIGH | 9.8 CRITICAL |
| The Jenkins CLI subsystem in Jenkins before 1.638 and LTS before 1.625.2 allows remote attackers to execute arbitrary code via a crafted serialized Java object, related to a problematic webapps/ROOT/WEB-INF/lib/commons-collections-*.jar file and the "Groovy variant in 'ysoserial'". | |||||
| CVE-2021-21689 | 1 Jenkins | 1 Jenkins | 2023-11-22 | 6.4 MEDIUM | 9.1 CRITICAL |
| FilePath#unzip and FilePath#untar were not subject to any agent-to-controller access control in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier. | |||||
| CVE-2021-21691 | 1 Jenkins | 1 Jenkins | 2023-11-22 | 7.5 HIGH | 9.8 CRITICAL |
| Creating symbolic links is possible without the 'symlink' agent-to-controller access control permission in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier. | |||||
| CVE-2021-21690 | 1 Jenkins | 1 Jenkins | 2023-11-22 | 7.5 HIGH | 9.8 CRITICAL |
| Agent processes are able to completely bypass file path filtering by wrapping the file operation in an agent file path in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier. | |||||
| CVE-2021-21692 | 1 Jenkins | 1 Jenkins | 2023-11-22 | 7.5 HIGH | 9.8 CRITICAL |
| FilePath#renameTo and FilePath#moveAllChildrenTo in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier only check 'read' agent-to-controller access permission on the source path, instead of 'delete'. | |||||
| CVE-2021-21693 | 1 Jenkins | 1 Jenkins | 2023-11-22 | 7.5 HIGH | 9.8 CRITICAL |
| When creating temporary files, agent-to-controller access to create those files is only checked after they've been created in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier. | |||||
| CVE-2021-21696 | 1 Jenkins | 1 Jenkins | 2023-11-22 | 7.5 HIGH | 9.8 CRITICAL |
| Jenkins 2.318 and earlier, LTS 2.303.2 and earlier does not limit agent read/write access to the libs/ directory inside build directories when using the FilePath APIs, allowing attackers in control of agent processes to replace the code of a trusted library with a modified variant. This results in unsandboxed code execution in the Jenkins controller process. | |||||
| CVE-2021-21694 | 1 Jenkins | 1 Jenkins | 2023-11-22 | 7.5 HIGH | 9.8 CRITICAL |
| FilePath#toURI, FilePath#hasSymlink, FilePath#absolutize, FilePath#isDescendant, and FilePath#get*DiskSpace do not check any permissions in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier. | |||||
| CVE-2021-21685 | 1 Jenkins | 1 Jenkins | 2023-11-22 | 6.4 MEDIUM | 9.1 CRITICAL |
| Jenkins 2.318 and earlier, LTS 2.303.2 and earlier does not check agent-to-controller access to create parent directories in FilePath#mkdirs. | |||||
| CVE-2021-21687 | 1 Jenkins | 1 Jenkins | 2023-11-22 | 6.4 MEDIUM | 9.1 CRITICAL |
| Jenkins 2.318 and earlier, LTS 2.303.2 and earlier does not check agent-to-controller access to create symbolic links when unarchiving a symbolic link in FilePath#untar. | |||||
| CVE-2017-1000353 | 2 Jenkins, Oracle | 2 Jenkins, Communications Cloud Native Core Automated Test Suite | 2022-06-13 | 7.5 HIGH | 9.8 CRITICAL |
| Jenkins versions 2.56 and earlier as well as 2.46.1 LTS and earlier are vulnerable to an unauthenticated remote code execution. An unauthenticated remote code execution vulnerability allowed attackers to transfer a serialized Java `SignedObject` object to the Jenkins CLI, that would be deserialized using a new `ObjectInputStream`, bypassing the existing blacklist-based protection mechanism. We're fixing this issue by adding `SignedObject` to the blacklist. We're also backporting the new HTTP CLI protocol from Jenkins 2.54 to LTS 2.46.2, and deprecating the remoting-based (i.e. Java serialization) CLI protocol, disabling it by default. | |||||
| CVE-2018-1000861 | 2 Jenkins, Redhat | 2 Jenkins, Openshift Container Platform | 2022-06-13 | 10.0 HIGH | 9.8 CRITICAL |
| A code execution vulnerability exists in the Stapler web framework used by Jenkins 2.153 and earlier, LTS 2.138.3 and earlier in stapler/core/src/main/java/org/kohsuke/stapler/MetaClass.java that allows attackers to invoke some methods on Java objects by accessing crafted URLs that were not intended to be invoked this way. | |||||
| CVE-2021-21697 | 1 Jenkins | 1 Jenkins | 2021-11-08 | 6.4 MEDIUM | 9.1 CRITICAL |
| Jenkins 2.318 and earlier, LTS 2.303.2 and earlier allows any agent to read and write the contents of any build directory stored in Jenkins with very few restrictions. | |||||
| CVE-2016-9299 | 2 Fedoraproject, Jenkins | 2 Fedora, Jenkins | 2019-05-22 | 7.5 HIGH | 9.8 CRITICAL |
| The remoting module in Jenkins before 2.32 and LTS before 2.19.3 allows remote attackers to execute arbitrary code via a crafted serialized Java object, which triggers an LDAP query to a third-party server. | |||||
| CVE-2016-0788 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2018-01-05 | 10.0 HIGH | 9.8 CRITICAL |
| The remoting module in Jenkins before 1.650 and LTS before 1.642.2 allows remote attackers to execute arbitrary code by opening a JRMP listener. | |||||
| CVE-2016-0791 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2018-01-05 | 7.5 HIGH | 9.8 CRITICAL |
| Jenkins before 1.650 and LTS before 1.642.2 do not use a constant-time algorithm to verify CSRF tokens, which makes it easier for remote attackers to bypass a CSRF protection mechanism via a brute-force approach. | |||||
| CVE-2017-1000362 | 1 Jenkins | 1 Jenkins | 2017-07-26 | 5.0 MEDIUM | 9.8 CRITICAL |
| The re-key admin monitor was introduced in Jenkins 1.498 and re-encrypted all secrets in JENKINS_HOME with a new key. It also created a backup directory with all old secrets, and the key used to encrypt them. These backups were world-readable and not removed afterwards. Jenkins now deletes the backup directory, if present. Upgrading from before 1.498 will no longer create a backup directory. Administrators relying on file access permissions in their manually created backups are advised to check them for the directory $JENKINS_HOME/jenkins.security.RekeySecretAdminMonitor/backups, and delete it if present. | |||||