Описание
Jenkins 2.274 and earlier, LTS 2.263.1 and earlier does not correctly match requested URLs to the list of always accessible paths, allowing attackers without Overall/Read permission to access some URLs as if they did have Overall/Read permission.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Fuse 7 | jenkins | Not affected | ||
| Red Hat OpenShift Container Platform 3.11 | jenkins | Fixed | RHSA-2021:0637 | 03.03.2021 |
| Red Hat OpenShift Container Platform 4.5 | conmon | Fixed | RHSA-2021:0429 | 03.03.2021 |
| Red Hat OpenShift Container Platform 4.5 | jenkins | Fixed | RHSA-2021:0429 | 03.03.2021 |
| Red Hat OpenShift Container Platform 4.5 | machine-config-daemon | Fixed | RHSA-2021:0429 | 03.03.2021 |
| Red Hat OpenShift Container Platform 4.5 | openshift | Fixed | RHSA-2021:0429 | 03.03.2021 |
| Red Hat OpenShift Container Platform 4.5 | openshift-ansible | Fixed | RHSA-2021:0429 | 03.03.2021 |
| Red Hat OpenShift Container Platform 4.5 | openshift-clients | Fixed | RHSA-2021:0429 | 03.03.2021 |
| Red Hat OpenShift Container Platform 4.5 | runc | Fixed | RHSA-2021:0429 | 03.03.2021 |
| Red Hat OpenShift Container Platform 4.6 | jenkins | Fixed | RHSA-2021:0423 | 17.02.2021 |
Показывать по
10
Дополнительная информация
Статус:
Low
Дефект:
CWE-863
https://bugzilla.redhat.com/show_bug.cgi?id=1925141jenkins: Missing permission check for paths with specific prefix
5.3 Medium
CVSS3
Связанные уязвимости
CVSS3: 5.3
nvd
около 5 лет назад
Jenkins 2.274 and earlier, LTS 2.263.1 and earlier does not correctly match requested URLs to the list of always accessible paths, allowing attackers without Overall/Read permission to access some URLs as if they did have Overall/Read permission.
CVSS3: 5.3
debian
около 5 лет назад
Jenkins 2.274 and earlier, LTS 2.263.1 and earlier does not correctly ...
CVSS3: 5.3
github
больше 3 лет назад
Missing permission check for paths with specific prefix in Jenkins
5.3 Medium
CVSS3