Insecure Temporary File Creation in Jenkins 2.318 and Earlier

Insecure Temporary File Creation in Jenkins 2.318 and Earlier

CVE-2021-21693 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

When creating temporary files, agent-to-controller access to create those files is only checked after they've been created in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier.

Learn more about our Web Application Penetration Testing UK.