Jenkins Time-of-check Time-of-use (TOCTOU) Race Condition Vulnerability (CVE-2021-21615)

Description

Jenkins 2.275 and LTS 2.263.2 allows reading arbitrary files using the file browser for workspaces and archived artifacts due to a time-of-check to time-of-use (TOCTOU) race condition.

Remediation

References

CVE-2021-21615

Related Vulnerabilities

WeBid Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-3815)

MySQL CVE-2012-0485 Vulnerability (CVE-2012-0485)

WebLogic CVE-2023-21964 Vulnerability (CVE-2023-21964)

TYPO3 Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2013-4321)

IBM RTC Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2018-1606)

Severity

Medium

Classification

CVE-2021-21615 CWE-367 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Description

Remediation

References

Related Vulnerabilities

Severity

Classification

Tags

Take action and discover your vulnerabilities