Description
Jenkins 2.274 and earlier, LTS 2.263.1 and earlier allows users with Agent/Configure permission to choose agent names that cause Jenkins to override the global config.xml file.
A flaw was found in Jenkins. Users with Agent/Configure permissions can choose agent names that cause an override to the global config.xml file. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Affected packages
| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| Red Hat Fuse 7 | jenkins | Not affected | | |
| Red Hat OpenShift Container Platform 3.11 | jenkins | Fixed | RHSA-2021:0637 | 03.03.2021 |
| Red Hat OpenShift Container Platform 4.5 | conmon | Fixed | RHSA-2021:0429 | 03.03.2021 |
| Red Hat OpenShift Container Platform 4.5 | jenkins | Fixed | RHSA-2021:0429 | 03.03.2021 |
| Red Hat OpenShift Container Platform 4.5 | machine-config-daemon | Fixed | RHSA-2021:0429 | 03.03.2021 |
| Red Hat OpenShift Container Platform 4.5 | openshift | Fixed | RHSA-2021:0429 | 03.03.2021 |
| Red Hat OpenShift Container Platform 4.5 | openshift-ansible | Fixed | RHSA-2021:0429 | 03.03.2021 |
| Red Hat OpenShift Container Platform 4.5 | openshift-clients | Fixed | RHSA-2021:0429 | 03.03.2021 |
| Red Hat OpenShift Container Platform 4.5 | runc | Fixed | RHSA-2021:0429 | 03.03.2021 |
| Red Hat OpenShift Container Platform 4.6 | jenkins | Fixed | RHSA-2021:0423 | 17.02.2021 |
Additional information
Status:
CVSS3: 8 High
Related vulnerabilities
Jenkins 2.274 and earlier, LTS 2.263.1 and earlier allows users with Agent/Configure permission to choose agent names that cause Jenkins to override the global `config.xml` file.
Jenkins 2.274 and earlier, LTS 2.263.1 and earlier allows users with A ...
Path traversal vulnerability in Jenkins agent names