CVE-2021-21687 (jenkins)
Jenkins 2.318 and earlier, LTS 2.303.2 and earlier does not…
CVE-2021-21689 (jenkins)
FilePath#unzip and FilePath#untar were not subject to any agent-to-controller access…
CVE-2021-21698 (subversion)
Jenkins Subversion Plugin 2.15.0 and earlier does not restrict the…
CVE-2021-21690 (jenkins)
Agent processes are able to completely bypass file path filtering…
CVE-2021-21695 (jenkins)
FilePath#listFiles lists files outside directories that agents are allowed to…
CVE-2021-21691 (jenkins)
Creating symbolic links is possible without the 'symlink' agent-to-controller access…
CVE-2021-21692 (jenkins)
FilePath#renameTo and FilePath#moveAllChildrenTo in Jenkins 2.318 and earlier, LTS 2.303.2…
CVE-2021-21693 (jenkins)
When creating temporary files, agent-to-controller access to create those files…
CVE-2021-21694 (jenkins)
FilePath#toURI, FilePath#hasSymlink, FilePath#absolutize, FilePath#isDescendant, and FilePath#get*DiskSpace do not check any…