jenkins: Arbitrary file read vulnerability in workspace browsers (CVE-2021-21615)| ID: oval:org.secpod.oval:def:1801869 | Date: (C)2021-03-15 (M)2023-11-02 |
| Class: PATCH | Family: unix |
Jenkins 2.275 and LTS 2.263.2 allows reading arbitrary files using the file browser for workspaces and archived artifacts due to a time-of-check to time-of-use (TOCTOU) race condition. This issue is caused by an incorrectly applied fix for SECURITY-1452 / CVE-2021-21602 in the 2021-01-13 security advisory.
| Platform: |
| Alpine Linux 3.13 |
