Unrestricted Access to Files via Symbolic Links in Jenkins

CVE-2021-21695 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

FilePath#listFiles lists files outside directories that agents are allowed to access when following symbolic links in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier.
