VulnerableCode Package Details - pkg:alpm/archlinux/jenkins@2.319-1

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-1kf2-8j67-7kg3	Improper Link Resolution Before File Access ('Link Following') File path filters in the agent-to-controller security subsystem of Jenkins do not canonicalize paths, allowing operations to follow symbolic links to outside allowed directories.	CVE-2021-21686 GHSA-4g38-hrm4-rg94
VCID-53km-desw-w7d6	Protection Mechanism Failure Jenkins does not limit agent read/write access to the libs/ directory inside build directories when using the FilePath APIs, allowing attackers in control of agent processes to replace the code of a trusted library with a modified variant. This results in unsandboxed code execution in the Jenkins controller process.	CVE-2021-21696 GHSA-c5r9-rx53-q3gf
VCID-7w87-bm8n-bbbr	Missing Authorization The agent-to-controller security check FilePath#reading(FileVisitor) in Jenkins does not reject any operations, allowing users to have unrestricted read access using certain operations (creating archives, FilePath#copyRecursiveTo).	CVE-2021-21688 GHSA-m9hr-259f-2v23
VCID-b4zg-38x9-23dn	Missing Authorization Jenkins does not check agent-to-controller access to create symbolic links when unarchiving a symbolic link in FilePath#untar.	CVE-2021-21687 GHSA-3q84-vrvx-rfvf
VCID-fvza-3rhj-8kbp	Protection Mechanism Failure Agent processes are able to completely bypass file path filtering by wrapping the file operation in an agent file path in Jenkins.	CVE-2021-21690 GHSA-97c3-w9cr-6qc2
VCID-h3nf-gwsr-5qf3	Missing Authorization File operations do not check any permissions in Jenkins.	CVE-2021-21694 GHSA-pgj6-jmj5-wqfx
VCID-kf3a-yce1-auh4	Incorrect Authorization Creating symbolic links is possible without the 'symlink' agent-to-controller access control permission in Jenkins.	CVE-2021-21691 GHSA-2c79-h2h5-g3fw
VCID-nq1x-s9hz-a7fb	Missing Authorization FilePath#listFiles lists files outside directories that agents are allowed to access when following symbolic links in Jenkins.	CVE-2021-21695 GHSA-cvvm-4cr9-r436
VCID-r3ry-745m-zuh1	Missing Authorization FilePath#unzip and FilePath#untar were not subject to any agent-to-controller access control in Jenkins.	CVE-2021-21689 GHSA-j3cq-h6vh-gx7f
VCID-r3v1-qkky-dqcq	Missing Authorization Jenkins does not check agent-to-controller access to create parent directories in FilePath#mkdirs.	CVE-2021-21685 GHSA-58xm-mxjf-254g
VCID-remx-jas5-1bfm	Incorrect Authorization FilePath#renameTo and FilePath#moveAllChildrenTo in Jenkins only check 'read' agent-to-controller access permission on the source path, instead of 'delete'.	CVE-2021-21692 GHSA-8xg4-xq2v-v6j7
VCID-wuvf-kdtu-tkc2	Improper Authorization When creating temporary files, agent-to-controller access to create those files is only checked after they've been created in Jenkins.	CVE-2021-21693 GHSA-929w-q433-4h9x
VCID-zgtd-8mf6-ruc9	Incomplete List of Disallowed Inputs Jenkins allows any agent to read and write the contents of any build directory stored in Jenkins with very few restrictions.	CVE-2021-21697 GHSA-cv2w-q8c3-xjv7

Vulnerability

Summary

Aliases

VCID-1kf2-8j67-7kg3

Improper Link Resolution Before File Access ('Link Following') File path filters in the agent-to-controller security subsystem of Jenkins do not canonicalize paths, allowing operations to follow symbolic links to outside allowed directories.

CVE-2021-21686
GHSA-4g38-hrm4-rg94

VCID-53km-desw-w7d6

Protection Mechanism Failure Jenkins does not limit agent read/write access to the libs/ directory inside build directories when using the FilePath APIs, allowing attackers in control of agent processes to replace the code of a trusted library with a modified variant. This results in unsandboxed code execution in the Jenkins controller process.

CVE-2021-21696
GHSA-c5r9-rx53-q3gf

VCID-7w87-bm8n-bbbr

Missing Authorization The agent-to-controller security check FilePath#reading(FileVisitor) in Jenkins does not reject any operations, allowing users to have unrestricted read access using certain operations (creating archives, FilePath#copyRecursiveTo).

CVE-2021-21688
GHSA-m9hr-259f-2v23

VCID-b4zg-38x9-23dn

Missing Authorization Jenkins does not check agent-to-controller access to create symbolic links when unarchiving a symbolic link in FilePath#untar.

CVE-2021-21687
GHSA-3q84-vrvx-rfvf

VCID-fvza-3rhj-8kbp

Protection Mechanism Failure Agent processes are able to completely bypass file path filtering by wrapping the file operation in an agent file path in Jenkins.

CVE-2021-21690
GHSA-97c3-w9cr-6qc2

VCID-h3nf-gwsr-5qf3

Missing Authorization File operations do not check any permissions in Jenkins.

CVE-2021-21694
GHSA-pgj6-jmj5-wqfx

VCID-kf3a-yce1-auh4

Incorrect Authorization Creating symbolic links is possible without the 'symlink' agent-to-controller access control permission in Jenkins.

CVE-2021-21691
GHSA-2c79-h2h5-g3fw

VCID-nq1x-s9hz-a7fb

Missing Authorization FilePath#listFiles lists files outside directories that agents are allowed to access when following symbolic links in Jenkins.

CVE-2021-21695
GHSA-cvvm-4cr9-r436

VCID-r3ry-745m-zuh1

Missing Authorization FilePath#unzip and FilePath#untar were not subject to any agent-to-controller access control in Jenkins.

CVE-2021-21689
GHSA-j3cq-h6vh-gx7f

VCID-r3v1-qkky-dqcq

Missing Authorization Jenkins does not check agent-to-controller access to create parent directories in FilePath#mkdirs.

CVE-2021-21685
GHSA-58xm-mxjf-254g

VCID-remx-jas5-1bfm

Incorrect Authorization FilePath#renameTo and FilePath#moveAllChildrenTo in Jenkins only check 'read' agent-to-controller access permission on the source path, instead of 'delete'.

CVE-2021-21692
GHSA-8xg4-xq2v-v6j7

VCID-wuvf-kdtu-tkc2

Improper Authorization When creating temporary files, agent-to-controller access to create those files is only checked after they've been created in Jenkins.

CVE-2021-21693
GHSA-929w-q433-4h9x

VCID-zgtd-8mf6-ruc9

Incomplete List of Disallowed Inputs Jenkins allows any agent to read and write the contents of any build directory stored in Jenkins with very few restrictions.

CVE-2021-21697
GHSA-cv2w-q8c3-xjv7

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-06T05:35:33.389982+00:00	Arch Linux Importer	Fixing	VCID-r3v1-qkky-dqcq	https://security.archlinux.org/AVG-2526	38.1.0
2026-04-06T05:35:33.367946+00:00	Arch Linux Importer	Fixing	VCID-1kf2-8j67-7kg3	https://security.archlinux.org/AVG-2526	38.1.0
2026-04-06T05:35:33.345666+00:00	Arch Linux Importer	Fixing	VCID-b4zg-38x9-23dn	https://security.archlinux.org/AVG-2526	38.1.0
2026-04-06T05:35:33.324130+00:00	Arch Linux Importer	Fixing	VCID-7w87-bm8n-bbbr	https://security.archlinux.org/AVG-2526	38.1.0
2026-04-06T05:35:33.302107+00:00	Arch Linux Importer	Fixing	VCID-r3ry-745m-zuh1	https://security.archlinux.org/AVG-2526	38.1.0
2026-04-06T05:35:33.280448+00:00	Arch Linux Importer	Fixing	VCID-fvza-3rhj-8kbp	https://security.archlinux.org/AVG-2526	38.1.0
2026-04-06T05:35:33.258623+00:00	Arch Linux Importer	Fixing	VCID-kf3a-yce1-auh4	https://security.archlinux.org/AVG-2526	38.1.0
2026-04-06T05:35:33.236855+00:00	Arch Linux Importer	Fixing	VCID-remx-jas5-1bfm	https://security.archlinux.org/AVG-2526	38.1.0
2026-04-06T05:35:33.214983+00:00	Arch Linux Importer	Fixing	VCID-wuvf-kdtu-tkc2	https://security.archlinux.org/AVG-2526	38.1.0
2026-04-06T05:35:33.193021+00:00	Arch Linux Importer	Fixing	VCID-h3nf-gwsr-5qf3	https://security.archlinux.org/AVG-2526	38.1.0
2026-04-06T05:35:33.170532+00:00	Arch Linux Importer	Fixing	VCID-nq1x-s9hz-a7fb	https://security.archlinux.org/AVG-2526	38.1.0
2026-04-06T05:35:33.148024+00:00	Arch Linux Importer	Fixing	VCID-53km-desw-w7d6	https://security.archlinux.org/AVG-2526	38.1.0
2026-04-06T05:35:33.102407+00:00	Arch Linux Importer	Fixing	VCID-zgtd-8mf6-ruc9	https://security.archlinux.org/AVG-2526	38.1.0
2026-04-01T18:24:12.320303+00:00	Arch Linux Importer	Fixing	VCID-r3v1-qkky-dqcq	https://security.archlinux.org/AVG-2526	38.0.0
2026-04-01T18:24:12.294512+00:00	Arch Linux Importer	Fixing	VCID-1kf2-8j67-7kg3	https://security.archlinux.org/AVG-2526	38.0.0
2026-04-01T18:24:12.270579+00:00	Arch Linux Importer	Fixing	VCID-b4zg-38x9-23dn	https://security.archlinux.org/AVG-2526	38.0.0
2026-04-01T18:24:12.246617+00:00	Arch Linux Importer	Fixing	VCID-7w87-bm8n-bbbr	https://security.archlinux.org/AVG-2526	38.0.0
2026-04-01T18:24:12.222882+00:00	Arch Linux Importer	Fixing	VCID-r3ry-745m-zuh1	https://security.archlinux.org/AVG-2526	38.0.0
2026-04-01T18:24:12.198712+00:00	Arch Linux Importer	Fixing	VCID-fvza-3rhj-8kbp	https://security.archlinux.org/AVG-2526	38.0.0
2026-04-01T18:24:12.173949+00:00	Arch Linux Importer	Fixing	VCID-kf3a-yce1-auh4	https://security.archlinux.org/AVG-2526	38.0.0
2026-04-01T18:24:12.150010+00:00	Arch Linux Importer	Fixing	VCID-remx-jas5-1bfm	https://security.archlinux.org/AVG-2526	38.0.0
2026-04-01T18:24:12.124841+00:00	Arch Linux Importer	Fixing	VCID-wuvf-kdtu-tkc2	https://security.archlinux.org/AVG-2526	38.0.0
2026-04-01T18:24:12.100180+00:00	Arch Linux Importer	Fixing	VCID-h3nf-gwsr-5qf3	https://security.archlinux.org/AVG-2526	38.0.0
2026-04-01T18:24:12.073348+00:00	Arch Linux Importer	Fixing	VCID-nq1x-s9hz-a7fb	https://security.archlinux.org/AVG-2526	38.0.0
2026-04-01T18:24:12.047497+00:00	Arch Linux Importer	Fixing	VCID-53km-desw-w7d6	https://security.archlinux.org/AVG-2526	38.0.0
2026-04-01T18:24:12.022828+00:00	Arch Linux Importer	Fixing	VCID-zgtd-8mf6-ruc9	https://security.archlinux.org/AVG-2526	38.0.0

2026-04-06T05:35:33.389982+00:00

Arch Linux Importer

Fixing