Bypassing File Path Filtering in Jenkins 2.318 and Earlier

Bypassing File Path Filtering in Jenkins 2.318 and Earlier

CVE-2021-21690 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Agent processes are able to completely bypass file path filtering by wrapping the file operation in an agent file path in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier.

Learn more about our Web Application Penetration Testing UK.