Download
| Alert*
oval:org.secpod.oval:def:1801869
Jenkins 2.275 and LTS 2.263.2 allows reading arbitrary files using the file browser for workspaces and archived artifacts due to a time-of-check to time-of-use (TOCTOU) race condition. This issue is caused by an incorrectly applied fix for SECURITY-1452 / CVE-2021-21602 in the 2021-01-13 security ad ... oval:org.secpod.oval:def:68936 The host is installed with Jenkins LTS through 2.263.2 or Jenkins rolling release through 2.275 and is prone to an arbitrary file read vulnerability. A flaw is present in the application, which fails to properly handle an time-of-check to time-of-use (TOCTOU) race condition issue in workspace browse ... oval:org.secpod.oval:def:68973 The host is installed with Jenkins LTS through 2.263.2 or Jenkins rolling release through 2.275 and is prone to an arbitrary file read vulnerability. A flaw is present in the application, which fails to properly handle an time-of-check to time-of-use (TOCTOU) race condition issue in workspace browse ... oval:org.secpod.oval:def:68972 The host is installed with Jenkins LTS through 2.263.2 or Jenkins rolling release through 2.275 and is prone to an arbitrary file read vulnerability. A flaw is present in the application, which fails to properly handle an time-of-check to time-of-use (TOCTOU) race condition issue in workspace browse ... oval:org.secpod.oval:def:68913 The host is installed with Jenkins LTS through 2.263.2 or Jenkins rolling release through 2.275 and is prone to an arbitrary file read vulnerability. A flaw is present in the application, which fails to properly handle an time-of-check to time-of-use (TOCTOU) race condition issue in workspace browse ... |