CVE-2021-21690
CRITICAL
Jenkins < 2.303.3 and < 2.319 - Path Traversal via Agent File Path Wrapping
Title source: llm
Description
Agent processes are able to completely bypass file path filtering by wrapping the file operation in an agent file path in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier.
References (1)
Core References
Vendor Advisory x_refsource_confirm
https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455
Scores
CVSS v3
9.8
EPSS
0.0050
EPSS Percentile
66.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-22
Status
published
Products (3)
jenkins/jenkins
< 2.303.3
jenkins/jenkins
< 2.319
org.jenkins-ci.main/jenkins-core
0 - 2.303.3 (Maven)
Published
Nov 04, 2021
Tracked Since
Feb 18, 2026