Search for packages
| purl | pkg:alpm/archlinux/jenkins@2.318-1 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-1kf2-8j67-7kg3
Aliases: CVE-2021-21686 GHSA-4g38-hrm4-rg94 |
Improper Link Resolution Before File Access ('Link Following') File path filters in the agent-to-controller security subsystem of Jenkins do not canonicalize paths, allowing operations to follow symbolic links to outside allowed directories. |
Affected by 0 other vulnerabilities. |
|
VCID-53km-desw-w7d6
Aliases: CVE-2021-21696 GHSA-c5r9-rx53-q3gf |
Protection Mechanism Failure Jenkins does not limit agent read/write access to the libs/ directory inside build directories when using the FilePath APIs, allowing attackers in control of agent processes to replace the code of a trusted library with a modified variant. This results in unsandboxed code execution in the Jenkins controller process. |
Affected by 0 other vulnerabilities. |
|
VCID-7w87-bm8n-bbbr
Aliases: CVE-2021-21688 GHSA-m9hr-259f-2v23 |
Missing Authorization The agent-to-controller security check FilePath#reading(FileVisitor) in Jenkins does not reject any operations, allowing users to have unrestricted read access using certain operations (creating archives, FilePath#copyRecursiveTo). |
Affected by 0 other vulnerabilities. |
|
VCID-b4zg-38x9-23dn
Aliases: CVE-2021-21687 GHSA-3q84-vrvx-rfvf |
Missing Authorization Jenkins does not check agent-to-controller access to create symbolic links when unarchiving a symbolic link in FilePath#untar. |
Affected by 0 other vulnerabilities. |
|
VCID-fvza-3rhj-8kbp
Aliases: CVE-2021-21690 GHSA-97c3-w9cr-6qc2 |
Protection Mechanism Failure Agent processes are able to completely bypass file path filtering by wrapping the file operation in an agent file path in Jenkins. |
Affected by 0 other vulnerabilities. |
|
VCID-h3nf-gwsr-5qf3
Aliases: CVE-2021-21694 GHSA-pgj6-jmj5-wqfx |
Missing Authorization File operations do not check any permissions in Jenkins. |
Affected by 0 other vulnerabilities. |
|
VCID-kf3a-yce1-auh4
Aliases: CVE-2021-21691 GHSA-2c79-h2h5-g3fw |
Incorrect Authorization Creating symbolic links is possible without the 'symlink' agent-to-controller access control permission in Jenkins. |
Affected by 0 other vulnerabilities. |
|
VCID-nq1x-s9hz-a7fb
Aliases: CVE-2021-21695 GHSA-cvvm-4cr9-r436 |
Missing Authorization FilePath#listFiles lists files outside directories that agents are allowed to access when following symbolic links in Jenkins. |
Affected by 0 other vulnerabilities. |
|
VCID-r3ry-745m-zuh1
Aliases: CVE-2021-21689 GHSA-j3cq-h6vh-gx7f |
Missing Authorization FilePath#unzip and FilePath#untar were not subject to any agent-to-controller access control in Jenkins. |
Affected by 0 other vulnerabilities. |
|
VCID-r3v1-qkky-dqcq
Aliases: CVE-2021-21685 GHSA-58xm-mxjf-254g |
Missing Authorization Jenkins does not check agent-to-controller access to create parent directories in FilePath#mkdirs. |
Affected by 0 other vulnerabilities. |
|
VCID-remx-jas5-1bfm
Aliases: CVE-2021-21692 GHSA-8xg4-xq2v-v6j7 |
Incorrect Authorization FilePath#renameTo and FilePath#moveAllChildrenTo in Jenkins only check 'read' agent-to-controller access permission on the source path, instead of 'delete'. |
Affected by 0 other vulnerabilities. |
|
VCID-wuvf-kdtu-tkc2
Aliases: CVE-2021-21693 GHSA-929w-q433-4h9x |
Improper Authorization When creating temporary files, agent-to-controller access to create those files is only checked after they've been created in Jenkins. |
Affected by 0 other vulnerabilities. |
|
VCID-zgtd-8mf6-ruc9
Aliases: CVE-2021-21697 GHSA-cv2w-q8c3-xjv7 |
Incomplete List of Disallowed Inputs Jenkins allows any agent to read and write the contents of any build directory stored in Jenkins with very few restrictions. |
Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-06T05:35:33.386454+00:00 | Arch Linux Importer | Affected by | VCID-r3v1-qkky-dqcq | https://security.archlinux.org/AVG-2526 | 38.1.0 |
| 2026-04-06T05:35:33.364438+00:00 | Arch Linux Importer | Affected by | VCID-1kf2-8j67-7kg3 | https://security.archlinux.org/AVG-2526 | 38.1.0 |
| 2026-04-06T05:35:33.342227+00:00 | Arch Linux Importer | Affected by | VCID-b4zg-38x9-23dn | https://security.archlinux.org/AVG-2526 | 38.1.0 |
| 2026-04-06T05:35:33.320566+00:00 | Arch Linux Importer | Affected by | VCID-7w87-bm8n-bbbr | https://security.archlinux.org/AVG-2526 | 38.1.0 |
| 2026-04-06T05:35:33.298646+00:00 | Arch Linux Importer | Affected by | VCID-r3ry-745m-zuh1 | https://security.archlinux.org/AVG-2526 | 38.1.0 |
| 2026-04-06T05:35:33.276949+00:00 | Arch Linux Importer | Affected by | VCID-fvza-3rhj-8kbp | https://security.archlinux.org/AVG-2526 | 38.1.0 |
| 2026-04-06T05:35:33.255167+00:00 | Arch Linux Importer | Affected by | VCID-kf3a-yce1-auh4 | https://security.archlinux.org/AVG-2526 | 38.1.0 |
| 2026-04-06T05:35:33.233347+00:00 | Arch Linux Importer | Affected by | VCID-remx-jas5-1bfm | https://security.archlinux.org/AVG-2526 | 38.1.0 |
| 2026-04-06T05:35:33.211511+00:00 | Arch Linux Importer | Affected by | VCID-wuvf-kdtu-tkc2 | https://security.archlinux.org/AVG-2526 | 38.1.0 |
| 2026-04-06T05:35:33.189558+00:00 | Arch Linux Importer | Affected by | VCID-h3nf-gwsr-5qf3 | https://security.archlinux.org/AVG-2526 | 38.1.0 |
| 2026-04-06T05:35:33.166909+00:00 | Arch Linux Importer | Affected by | VCID-nq1x-s9hz-a7fb | https://security.archlinux.org/AVG-2526 | 38.1.0 |
| 2026-04-06T05:35:33.144483+00:00 | Arch Linux Importer | Affected by | VCID-53km-desw-w7d6 | https://security.archlinux.org/AVG-2526 | 38.1.0 |
| 2026-04-06T05:35:33.097839+00:00 | Arch Linux Importer | Affected by | VCID-zgtd-8mf6-ruc9 | https://security.archlinux.org/AVG-2526 | 38.1.0 |
| 2026-04-01T18:24:12.316634+00:00 | Arch Linux Importer | Affected by | VCID-r3v1-qkky-dqcq | https://security.archlinux.org/AVG-2526 | 38.0.0 |
| 2026-04-01T18:24:12.290787+00:00 | Arch Linux Importer | Affected by | VCID-1kf2-8j67-7kg3 | https://security.archlinux.org/AVG-2526 | 38.0.0 |
| 2026-04-01T18:24:12.266975+00:00 | Arch Linux Importer | Affected by | VCID-b4zg-38x9-23dn | https://security.archlinux.org/AVG-2526 | 38.0.0 |
| 2026-04-01T18:24:12.242894+00:00 | Arch Linux Importer | Affected by | VCID-7w87-bm8n-bbbr | https://security.archlinux.org/AVG-2526 | 38.0.0 |
| 2026-04-01T18:24:12.219228+00:00 | Arch Linux Importer | Affected by | VCID-r3ry-745m-zuh1 | https://security.archlinux.org/AVG-2526 | 38.0.0 |
| 2026-04-01T18:24:12.194964+00:00 | Arch Linux Importer | Affected by | VCID-fvza-3rhj-8kbp | https://security.archlinux.org/AVG-2526 | 38.0.0 |
| 2026-04-01T18:24:12.170168+00:00 | Arch Linux Importer | Affected by | VCID-kf3a-yce1-auh4 | https://security.archlinux.org/AVG-2526 | 38.0.0 |
| 2026-04-01T18:24:12.146229+00:00 | Arch Linux Importer | Affected by | VCID-remx-jas5-1bfm | https://security.archlinux.org/AVG-2526 | 38.0.0 |
| 2026-04-01T18:24:12.121148+00:00 | Arch Linux Importer | Affected by | VCID-wuvf-kdtu-tkc2 | https://security.archlinux.org/AVG-2526 | 38.0.0 |
| 2026-04-01T18:24:12.096453+00:00 | Arch Linux Importer | Affected by | VCID-h3nf-gwsr-5qf3 | https://security.archlinux.org/AVG-2526 | 38.0.0 |
| 2026-04-01T18:24:12.069304+00:00 | Arch Linux Importer | Affected by | VCID-nq1x-s9hz-a7fb | https://security.archlinux.org/AVG-2526 | 38.0.0 |
| 2026-04-01T18:24:12.043647+00:00 | Arch Linux Importer | Affected by | VCID-53km-desw-w7d6 | https://security.archlinux.org/AVG-2526 | 38.0.0 |
| 2026-04-01T18:24:12.018110+00:00 | Arch Linux Importer | Affected by | VCID-zgtd-8mf6-ruc9 | https://security.archlinux.org/AVG-2526 | 38.0.0 |