Package details: pkg:maven/org.jenkins-ci.main/jenkins-core@2.303.2
purl pkg:maven/org.jenkins-ci.main/jenkins-core@2.303.2
Next non-vulnerable version 2.315
Latest non-vulnerable version 2.555
Risk 4.5
Vulnerabilities affecting this package (8)
VCID-53km-desw-w7d6
Aliases: CVE-2021-21696, GHSA-c5r9-rx53-q3gf
Summary: Protection Mechanism Failure: Jenkins does not limit agent read/write access to the libs/ directory inside build directories when using the FilePath APIs, allowing attackers in control of agent processes to replace the code of a trusted library with a modified variant. This results in unsandboxed code execution in the Jenkins controller process.
Fixed by: 2.303.3 (affected by 11 other vulnerabilities); 2.319 (affected by 0 other vulnerabilities)

VCID-7w87-bm8n-bbbr
Aliases: CVE-2021-21688, GHSA-m9hr-259f-2v23
Summary: Missing Authorization: The agent-to-controller security check FilePath#reading(FileVisitor) in Jenkins does not reject any operations, allowing users to have unrestricted read access using certain operations (creating archives, FilePath#copyRecursiveTo).
Fixed by: 2.303.3 (affected by 11 other vulnerabilities); 2.319 (affected by 0 other vulnerabilities)

VCID-b4zg-38x9-23dn
Aliases: CVE-2021-21687, GHSA-3q84-vrvx-rfvf
Summary: Missing Authorization: Jenkins does not check agent-to-controller access to create symbolic links when unarchiving a symbolic link in FilePath#untar.
Fixed by: 2.303.3 (affected by 11 other vulnerabilities); 2.319 (affected by 0 other vulnerabilities)

VCID-fvza-3rhj-8kbp
Aliases: CVE-2021-21690, GHSA-97c3-w9cr-6qc2
Summary: Protection Mechanism Failure: Agent processes are able to completely bypass file path filtering by wrapping the file operation in an agent file path in Jenkins.
Fixed by: 2.303.3 (affected by 11 other vulnerabilities); 2.319 (affected by 0 other vulnerabilities)

VCID-h3nf-gwsr-5qf3
Aliases: CVE-2021-21694, GHSA-pgj6-jmj5-wqfx
Summary: Missing Authorization: File operations do not check any permissions in Jenkins.
Fixed by: 2.303.3 (affected by 11 other vulnerabilities); 2.319 (affected by 0 other vulnerabilities)

VCID-kf3a-yce1-auh4
Aliases: CVE-2021-21691, GHSA-2c79-h2h5-g3fw
Summary: Incorrect Authorization: Creating symbolic links is possible without the 'symlink' agent-to-controller access control permission in Jenkins.
Fixed by: 2.303.3 (affected by 11 other vulnerabilities); 2.319 (affected by 0 other vulnerabilities)

VCID-remx-jas5-1bfm
Aliases: CVE-2021-21692, GHSA-8xg4-xq2v-v6j7
Summary: Incorrect Authorization: FilePath#renameTo and FilePath#moveAllChildrenTo in Jenkins only check 'read' agent-to-controller access permission on the source path, instead of 'delete'.
Fixed by: 2.303.3 (affected by 11 other vulnerabilities); 2.319 (affected by 0 other vulnerabilities)

VCID-zgtd-8mf6-ruc9
Aliases: CVE-2021-21697, GHSA-cv2w-q8c3-xjv7
Summary: Incomplete List of Disallowed Inputs: Jenkins allows any agent to read and write the contents of any build directory stored in Jenkins with very few restrictions.
Fixed by: 2.303.3 (affected by 11 other vulnerabilities); 2.319 (affected by 0 other vulnerabilities)

Vulnerabilities fixed by this package (2)
VCID-4m6t-zty2-b3d6
Aliases: CVE-2021-21682, GHSA-6q4g-84f3-mw74
Summary: Improper Encoding or Escaping of Output: Jenkins accepts names of jobs and other entities with a trailing dot character, potentially replacing the configuration and data of other entities on Windows.

VCID-tdb7-6gx7-1ucr
Aliases: CVE-2021-21683, GHSA-4pw5-r58h-fv24
Summary: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'): The file browser in Jenkins may interpret some paths to files as absolute on Windows, resulting in a path traversal vulnerability allowing attackers with Overall/Read permission (Windows controller) or Job/Workspace permission (Windows agents) to obtain the contents of arbitrary files.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-01T16:02:18.721183+00:00 GHSA Importer Affected by VCID-7w87-bm8n-bbbr https://github.com/advisories/GHSA-m9hr-259f-2v23 38.0.0
2026-04-01T16:02:18.670129+00:00 GHSA Importer Affected by VCID-h3nf-gwsr-5qf3 https://github.com/advisories/GHSA-pgj6-jmj5-wqfx 38.0.0
2026-04-01T16:02:18.524560+00:00 GHSA Importer Affected by VCID-kf3a-yce1-auh4 https://github.com/advisories/GHSA-2c79-h2h5-g3fw 38.0.0
2026-04-01T16:02:18.404624+00:00 GHSA Importer Affected by VCID-fvza-3rhj-8kbp https://github.com/advisories/GHSA-97c3-w9cr-6qc2 38.0.0
2026-04-01T16:02:18.375730+00:00 GHSA Importer Affected by VCID-b4zg-38x9-23dn https://github.com/advisories/GHSA-3q84-vrvx-rfvf 38.0.0
2026-04-01T16:02:18.282130+00:00 GHSA Importer Affected by VCID-remx-jas5-1bfm https://github.com/advisories/GHSA-8xg4-xq2v-v6j7 38.0.0
2026-04-01T16:02:18.150931+00:00 GHSA Importer Affected by VCID-53km-desw-w7d6 https://github.com/advisories/GHSA-c5r9-rx53-q3gf 38.0.0
2026-04-01T16:02:18.005624+00:00 GHSA Importer Affected by VCID-zgtd-8mf6-ruc9 https://github.com/advisories/GHSA-cv2w-q8c3-xjv7 38.0.0
2026-04-01T16:02:16.845009+00:00 GHSA Importer Fixing VCID-4m6t-zty2-b3d6 https://github.com/advisories/GHSA-6q4g-84f3-mw74 38.0.0
2026-04-01T16:02:16.786457+00:00 GHSA Importer Fixing VCID-tdb7-6gx7-1ucr https://github.com/advisories/GHSA-4pw5-r58h-fv24 38.0.0
2026-04-01T13:10:50.724419+00:00 GithubOSV Importer Fixing VCID-tdb7-6gx7-1ucr https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-4pw5-r58h-fv24/GHSA-4pw5-r58h-fv24.json 38.0.0
2026-04-01T13:08:17.981575+00:00 GithubOSV Importer Fixing VCID-4m6t-zty2-b3d6 https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-6q4g-84f3-mw74/GHSA-6q4g-84f3-mw74.json 38.0.0
2026-04-01T12:48:59.896980+00:00 GitLab Importer Affected by VCID-53km-desw-w7d6 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.jenkins-ci.main/jenkins-core/CVE-2021-21696.yml 38.0.0
2026-04-01T12:48:59.829288+00:00 GitLab Importer Affected by VCID-zgtd-8mf6-ruc9 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.jenkins-ci.main/jenkins-core/CVE-2021-21697.yml 38.0.0