CVE Vulnerability


CWE-863

CVE-2021-21664

February 23, 2023 by

An incorrect permission check in Jenkins XebiaLabs XL Deploy Plugin 10.0.1 and earlier allows attackers with Generic Create permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing Username/password credentials stored in Jenkins.

CVE-2021-21670

February 23, 2023 by

Jenkins 2.299 and earlier, LTS 2.289.1 and earlier allows users to cancel queue items and abort builds of jobs for which they have Item/Cancel permission even when they do not have Item/Read permission.

CVE-2021-21691

February 23, 2023 by

Creating symbolic links is possible without the ‘symlink’ agent-to-controller access control permission in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier.

CVE-2021-21692

February 23, 2023 by

FilePath#renameTo and FilePath#moveAllChildrenTo in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier only check ‘read’ agent-to-controller access permission on the source path, instead of ‘delete’.

CVE-2021-21693

February 23, 2023 by

When creating temporary files, agent-to-controller access to create those files is only checked after they’ve been created in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier.

CVE-2021-21725

February 23, 2023 by

A ZTE product has an information leak vulnerability. An attacker with higher authority can go beyond their authority to access files in other directories by performing specific operations, resulting in information leak. This affects: ZXHN H196Q V9.1.0C2.


Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE