CVE-2021-21692

Name

CVE-2021-21692

Description

FilePath#renameTo and FilePath#moveAllChildrenTo in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier only check 'read' agent-to-controller access permission on the source path, instead of 'delete'.

NVD Severity

high

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

CPE URI	Source package	Min version	Max version
`cpe:2.3:a:jenkins:jenkins:::::lts:::*`	jenkins	>= None	< 2.303.3
`cpe:2.3:a:jenkins:jenkins:::::-:::*`	jenkins	>= None	< 2.319

References

Match rules

Vulnerable and fixed packages