CVE-2021-21683
MEDIUMJenkins < 2.303.1, < 2.314 - Path Traversal via Windows File Browser
Title source: llmDescription
The file browser in Jenkins 2.314 and earlier, LTS 2.303.1 and earlier may interpret some paths to files as absolute on Windows, resulting in a path traversal vulnerability allowing attackers with Overall/Read permission (Windows controller) or Job/Workspace permission (Windows agents) to obtain the contents of arbitrary files.
References (2)
Core 2
Core References
Vendor Advisory x_refsource_confirm
https://www.jenkins.io/security/advisory/2021-10-06/#SECURITY-2481
Mailing List, Third Party Advisory mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2021/10/06/1
Scores
CVSS v3
6.5
EPSS
0.0174
EPSS Percentile
82.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-22
Status
published
Products (3)
jenkins/jenkins
< 2.303.1
jenkins/jenkins
< 2.314
org.jenkins-ci.main/jenkins-core
0 - 2.303.2Maven
Published
Oct 06, 2021
Tracked Since
Feb 18, 2026