CVE-2021-21690 — CRITICAL (9.8)

Q: What is CVE-2021-21690?

CVE-2021-21690 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Agent processes are able to completely bypass file path filtering by wrapping the file operation in an agent file path in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier.

Q: How severe is CVE-2021-21690?

CVE-2021-21690 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Q: Is there a patch for CVE-2021-21690?

Check the references section above for vendor advisories and patch information. Affected products include: Jenkins Jenkins.

Vulnerability Description

Agent processes are able to completely bypass file path filtering by wrapping the file operation in an agent file path in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier.

CVSS Score

9.8

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Jenkins	Jenkins	< 2.303.3

Related Weaknesses (CWE)

CWE-22

References

https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455Vendor Advisory
https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455Vendor Advisory

FAQ

What is CVE-2021-21690?

CVE-2021-21690 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Agent processes are able to completely bypass file path filtering by wrapping the file operation in an agent file path in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier.

How severe is CVE-2021-21690?

CVE-2021-21690 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2021-21690?

Check the references section above for vendor advisories and patch information. Affected products include: Jenkins Jenkins.