Arbitrary File Reading Vulnerability in Jenkins 2.274 and Earlier

Arbitrary File Reading Vulnerability in Jenkins 2.274 and Earlier

CVE-2021-21602 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Jenkins 2.274 and earlier, LTS 2.263.1 and earlier allows reading arbitrary files using the file browser for workspaces and archived artifacts by following symlinks.

Learn more about our Cis Benchmark Audit For Google Workspace.