Unrestricted Access to Files via Symbolic Links in Jenkins
CVE-2021-21695 · HIGH Severity
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
FilePath#listFiles lists files outside directories that agents are allowed to access when following symbolic links in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier.
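A directory listing that refuses to leave an allowed root when symbolic links are involved, as an added example that is not Jenkins code or its fix. The class name ContainedListing, the method listContained and the temporary directory layout are hypothetical and constructed for the demonstration.

```java
import java.io.IOException;
import java.nio.file.DirectoryStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.util.ArrayList;
import java.util.List;

// Added example, not Jenkins code: class and method names are hypothetical.
public class ContainedListing {

    // Lists the entries of dir, dropping any entry whose symlink-resolved
    // path falls outside allowedRoot. Rejects dir itself if it escapes.
    static List<Path> listContained(Path allowedRoot, Path dir) throws IOException {
        Path root = allowedRoot.toRealPath();   // resolve links in the root itself
        Path realDir = dir.toRealPath();        // resolve links in the requested directory
        if (!realDir.startsWith(root)) {
            throw new SecurityException("directory escapes allowed root: " + dir);
        }
        List<Path> result = new ArrayList<>();
        try (DirectoryStream<Path> entries = Files.newDirectoryStream(realDir)) {
            for (Path entry : entries) {
                Path real;
                try {
                    real = entry.toRealPath();  // follows the link to its final target
                } catch (IOException e) {
                    continue;                   // dangling link or unreadable entry: skip it
                }
                if (real.startsWith(root)) {    // component-wise comparison, not string prefix
                    result.add(entry);
                }
            }
        }
        return result;
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample layout: an allowed workspace and a sibling directory outside it.
        Path base = Files.createTempDirectory("listing-demo");
        Path allowed = Files.createDirectory(base.resolve("workspace"));
        Path outside = Files.createDirectory(base.resolve("secrets"));
        Files.writeString(outside.resolve("credentials.txt"), "constructed sample");
        Files.writeString(allowed.resolve("build.log"), "ok");
        Files.createSymbolicLink(allowed.resolve("link-out"), outside);
        Files.createSymbolicLink(allowed.resolve("link-in"), allowed.resolve("build.log"));

        System.out.println(listContained(allowed, allowed));
        try {
            listContained(allowed, allowed.resolve("link-out"));
        } catch (SecurityException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

The check and the later file access are separate steps, so a link swapped in between them can still defeat it; treat this as one layer alongside restricting who can write into the directory.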