Описание
Jenkins 2.274 and earlier, LTS 2.263.1 and earlier allows reading arbitrary files using the file browser for workspaces and archived artifacts by following symlinks.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Fuse 7 | jenkins | Not affected | ||
| Red Hat OpenShift Container Platform 3.11 | jenkins | Fixed | RHSA-2021:0637 | 03.03.2021 |
| Red Hat OpenShift Container Platform 4.5 | conmon | Fixed | RHSA-2021:0429 | 03.03.2021 |
| Red Hat OpenShift Container Platform 4.5 | jenkins | Fixed | RHSA-2021:0429 | 03.03.2021 |
| Red Hat OpenShift Container Platform 4.5 | machine-config-daemon | Fixed | RHSA-2021:0429 | 03.03.2021 |
| Red Hat OpenShift Container Platform 4.5 | openshift | Fixed | RHSA-2021:0429 | 03.03.2021 |
| Red Hat OpenShift Container Platform 4.5 | openshift-ansible | Fixed | RHSA-2021:0429 | 03.03.2021 |
| Red Hat OpenShift Container Platform 4.5 | openshift-clients | Fixed | RHSA-2021:0429 | 03.03.2021 |
| Red Hat OpenShift Container Platform 4.5 | runc | Fixed | RHSA-2021:0429 | 03.03.2021 |
| Red Hat OpenShift Container Platform 4.6 | jenkins | Fixed | RHSA-2021:0423 | 17.02.2021 |
Показывать по
10
Дополнительная информация
Статус:
Moderate
Дефект:
CWE-59
https://bugzilla.redhat.com/show_bug.cgi?id=1925161jenkins: Arbitrary file read vulnerability in workspace browsers
EPSS
Процентиль: 80%
0.01393
Низкий
6.5 Medium
CVSS3
Связанные уязвимости
CVSS3: 6.5
nvd
около 5 лет назад
Jenkins 2.274 and earlier, LTS 2.263.1 and earlier allows reading arbitrary files using the file browser for workspaces and archived artifacts by following symlinks.
CVSS3: 6.5
debian
около 5 лет назад
Jenkins 2.274 and earlier, LTS 2.263.1 and earlier allows reading arbi ...
CVSS3: 6.5
github
больше 3 лет назад
Arbitrary file read vulnerability in workspace browsers in Jenkins
EPSS
Процентиль: 80%
0.01393
Низкий
6.5 Medium
CVSS3