Description
Jenkins 2.275 and LTS 2.263.2 allows reading arbitrary files using the file browser for workspaces and archived artifacts due to a time-of-check to time-of-use (TOCTOU) race condition.
Affected packages
| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| Red Hat Fuse 7 | jenkins | Not affected | | |
| Red Hat OpenShift Container Platform 3.11 | jenkins | Will not fix | | |
| Red Hat OpenShift Container Platform 4.5 | conmon | Fixed | RHSA-2021:0429 | 03.03.2021 |
| Red Hat OpenShift Container Platform 4.5 | jenkins | Fixed | RHSA-2021:0429 | 03.03.2021 |
| Red Hat OpenShift Container Platform 4.5 | machine-config-daemon | Fixed | RHSA-2021:0429 | 03.03.2021 |
| Red Hat OpenShift Container Platform 4.5 | openshift | Fixed | RHSA-2021:0429 | 03.03.2021 |
| Red Hat OpenShift Container Platform 4.5 | openshift-ansible | Fixed | RHSA-2021:0429 | 03.03.2021 |
| Red Hat OpenShift Container Platform 4.5 | openshift-clients | Fixed | RHSA-2021:0429 | 03.03.2021 |
| Red Hat OpenShift Container Platform 4.5 | runc | Fixed | RHSA-2021:0429 | 03.03.2021 |
| Red Hat OpenShift Container Platform 4.6 | jenkins | Fixed | RHSA-2021:0423 | 17.02.2021 |
Additional information
Status:
Moderate
Defect:
CWE-22
https://bugzilla.redhat.com/show_bug.cgi?id=1921322 jenkins: Filesystem traversal by privileged users
5.3 Medium
CVSS3
Related vulnerabilities
CVSS3: 5.3
nvd
about 5 years ago
Jenkins 2.275 and LTS 2.263.2 allows reading arbitrary files using the file browser for workspaces and archived artifacts due to a time-of-check to time-of-use (TOCTOU) race condition.
CVSS3: 5.3
debian
about 5 years ago
Jenkins 2.275 and LTS 2.263.2 allows reading arbitrary files using the ...
CVSS3: 5.3
github
more than 3 years ago
Time-of-check Time-of-use (TOCTOU) Race Condition in Jenkins