#VU57983 Protection Mechanism Failure in Jenkins and Jenkins LTS - CVE-2021-21690


Published: November 8, 2021


Vulnerability identifier: #VU57983
Vulnerability risk: High
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2021-21690
CWE-ID: CWE-693
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software:
Jenkins
Jenkins LTS
Software vendor:
Jenkins

Description

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists because agent processes are able to completely bypass file path filtering by wrapping the file operation in an agent file path. An attacker can bypass the implemented security restrictions and elevate privileges on the system.


Remediation

Install updates from vendor's website.

External links