Bypassing File Path Filtering in Jenkins 2.318 and Earlier
CVE-2021-21690 · CRITICAL Severity
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Agent processes are able to completely bypass file path filtering by wrapping the file operation in an agent file path in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier.
Learn more about our Web Application Penetration Testing UK.