CVE-2021-21602

Name: CVE-2021-21602
Description: Jenkins 2.274 and earlier, LTS 2.263.1 and earlier allows reading arbitrary files using the file browser for workspaces and archived artifacts by following symlinks.
NVD Severity: medium

References

Type             URI
Vendor Advisory  https://www.jenkins.io/security/advisory/2021-01-13/#SECURITY-1452

Match rules

CPE URI                                      Source package  Min version  Max version
cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*  jenkins         >= None      <= 2.263.1
cpe:2.3:a:jenkins:jenkins:*:*:*:*:-:*:*:*    jenkins         >= None      <= 2.274

Vulnerable and fixed packages

Source package  Branch  Version  Maintainer  Status