Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:maven/org.jenkins-ci.main/jenkins-core@2.303.3
purl pkg:maven/org.jenkins-ci.main/jenkins-core@2.303.3
Next non-vulnerable version 2.315
Latest non-vulnerable version 2.555
Risk 4.5
Vulnerabilities affecting this package (11)
Vulnerability Summary Fixed by
VCID-1kf2-8j67-7kg3
Aliases:
CVE-2021-21686
GHSA-4g38-hrm4-rg94
Improper Link Resolution Before File Access ('Link Following') File path filters in the agent-to-controller security subsystem of Jenkins do not canonicalize paths, allowing operations to follow symbolic links to outside allowed directories.
2.319
Affected by 0 other vulnerabilities.
VCID-7w87-bm8n-bbbr
Aliases:
CVE-2021-21688
GHSA-m9hr-259f-2v23
Missing Authorization The agent-to-controller security check FilePath#reading(FileVisitor) in Jenkins does not reject any operations, allowing users to have unrestricted read access using certain operations (creating archives, FilePath#copyRecursiveTo).
2.319
Affected by 0 other vulnerabilities.
VCID-b4zg-38x9-23dn
Aliases:
CVE-2021-21687
GHSA-3q84-vrvx-rfvf
Missing Authorization Jenkins does not check agent-to-controller access to create symbolic links when unarchiving a symbolic link in FilePath#untar.
2.319
Affected by 0 other vulnerabilities.
VCID-fvza-3rhj-8kbp
Aliases:
CVE-2021-21690
GHSA-97c3-w9cr-6qc2
Protection Mechanism Failure Agent processes are able to completely bypass file path filtering by wrapping the file operation in an agent file path in Jenkins.
2.319
Affected by 0 other vulnerabilities.
VCID-h3nf-gwsr-5qf3
Aliases:
CVE-2021-21694
GHSA-pgj6-jmj5-wqfx
Missing Authorization File operations do not check any permissions in Jenkins.
2.319
Affected by 0 other vulnerabilities.
VCID-kf3a-yce1-auh4
Aliases:
CVE-2021-21691
GHSA-2c79-h2h5-g3fw
Incorrect Authorization Creating symbolic links is possible without the 'symlink' agent-to-controller access control permission in Jenkins.
2.319
Affected by 0 other vulnerabilities.
VCID-nq1x-s9hz-a7fb
Aliases:
CVE-2021-21695
GHSA-cvvm-4cr9-r436
Missing Authorization FilePath#listFiles lists files outside directories that agents are allowed to access when following symbolic links in Jenkins.
2.319
Affected by 0 other vulnerabilities.
VCID-r3ry-745m-zuh1
Aliases:
CVE-2021-21689
GHSA-j3cq-h6vh-gx7f
Missing Authorization FilePath#unzip and FilePath#untar were not subject to any agent-to-controller access control in Jenkins.
2.319
Affected by 0 other vulnerabilities.
VCID-r3v1-qkky-dqcq
Aliases:
CVE-2021-21685
GHSA-58xm-mxjf-254g
Missing Authorization Jenkins does not check agent-to-controller access to create parent directories in FilePath#mkdirs.
2.319
Affected by 0 other vulnerabilities.
VCID-remx-jas5-1bfm
Aliases:
CVE-2021-21692
GHSA-8xg4-xq2v-v6j7
Incorrect Authorization FilePath#renameTo and FilePath#moveAllChildrenTo in Jenkins only check 'read' agent-to-controller access permission on the source path, instead of 'delete'.
2.319
Affected by 0 other vulnerabilities.
VCID-wuvf-kdtu-tkc2
Aliases:
CVE-2021-21693
GHSA-929w-q433-4h9x
Improper Authorization When creating temporary files, agent-to-controller access to create those files is only checked after they've been created in Jenkins.
2.319
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (13)
Vulnerability Summary Aliases
VCID-1kf2-8j67-7kg3 Improper Link Resolution Before File Access ('Link Following') File path filters in the agent-to-controller security subsystem of Jenkins do not canonicalize paths, allowing operations to follow symbolic links to outside allowed directories. CVE-2021-21686
GHSA-4g38-hrm4-rg94
VCID-53km-desw-w7d6 Protection Mechanism Failure Jenkins does not limit agent read/write access to the libs/ directory inside build directories when using the FilePath APIs, allowing attackers in control of agent processes to replace the code of a trusted library with a modified variant. This results in unsandboxed code execution in the Jenkins controller process. CVE-2021-21696
GHSA-c5r9-rx53-q3gf
VCID-7w87-bm8n-bbbr Missing Authorization The agent-to-controller security check FilePath#reading(FileVisitor) in Jenkins does not reject any operations, allowing users to have unrestricted read access using certain operations (creating archives, FilePath#copyRecursiveTo). CVE-2021-21688
GHSA-m9hr-259f-2v23
VCID-b4zg-38x9-23dn Missing Authorization Jenkins does not check agent-to-controller access to create symbolic links when unarchiving a symbolic link in FilePath#untar. CVE-2021-21687
GHSA-3q84-vrvx-rfvf
VCID-fvza-3rhj-8kbp Protection Mechanism Failure Agent processes are able to completely bypass file path filtering by wrapping the file operation in an agent file path in Jenkins. CVE-2021-21690
GHSA-97c3-w9cr-6qc2
VCID-h3nf-gwsr-5qf3 Missing Authorization File operations do not check any permissions in Jenkins. CVE-2021-21694
GHSA-pgj6-jmj5-wqfx
VCID-kf3a-yce1-auh4 Incorrect Authorization Creating symbolic links is possible without the 'symlink' agent-to-controller access control permission in Jenkins. CVE-2021-21691
GHSA-2c79-h2h5-g3fw
VCID-nq1x-s9hz-a7fb Missing Authorization FilePath#listFiles lists files outside directories that agents are allowed to access when following symbolic links in Jenkins. CVE-2021-21695
GHSA-cvvm-4cr9-r436
VCID-r3ry-745m-zuh1 Missing Authorization FilePath#unzip and FilePath#untar were not subject to any agent-to-controller access control in Jenkins. CVE-2021-21689
GHSA-j3cq-h6vh-gx7f
VCID-r3v1-qkky-dqcq Missing Authorization Jenkins does not check agent-to-controller access to create parent directories in FilePath#mkdirs. CVE-2021-21685
GHSA-58xm-mxjf-254g
VCID-remx-jas5-1bfm Incorrect Authorization FilePath#renameTo and FilePath#moveAllChildrenTo in Jenkins only check 'read' agent-to-controller access permission on the source path, instead of 'delete'. CVE-2021-21692
GHSA-8xg4-xq2v-v6j7
VCID-wuvf-kdtu-tkc2 Improper Authorization When creating temporary files, agent-to-controller access to create those files is only checked after they've been created in Jenkins. CVE-2021-21693
GHSA-929w-q433-4h9x
VCID-zgtd-8mf6-ruc9 Incomplete List of Disallowed Inputs Jenkins allows any agent to read and write the contents of any build directory stored in Jenkins with very few restrictions. CVE-2021-21697
GHSA-cv2w-q8c3-xjv7

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-01T16:02:18.782065+00:00 GHSA Importer Fixing VCID-1kf2-8j67-7kg3 https://github.com/advisories/GHSA-4g38-hrm4-rg94 38.0.0
2026-04-01T16:02:18.724476+00:00 GHSA Importer Fixing VCID-7w87-bm8n-bbbr https://github.com/advisories/GHSA-m9hr-259f-2v23 38.0.0
2026-04-01T16:02:18.697018+00:00 GHSA Importer Fixing VCID-r3ry-745m-zuh1 https://github.com/advisories/GHSA-j3cq-h6vh-gx7f 38.0.0
2026-04-01T16:02:18.673409+00:00 GHSA Importer Fixing VCID-h3nf-gwsr-5qf3 https://github.com/advisories/GHSA-pgj6-jmj5-wqfx 38.0.0
2026-04-01T16:02:18.553032+00:00 GHSA Importer Fixing VCID-wuvf-kdtu-tkc2 https://github.com/advisories/GHSA-929w-q433-4h9x 38.0.0
2026-04-01T16:02:18.527821+00:00 GHSA Importer Fixing VCID-kf3a-yce1-auh4 https://github.com/advisories/GHSA-2c79-h2h5-g3fw 38.0.0
2026-04-01T16:02:18.501352+00:00 GHSA Importer Fixing VCID-r3v1-qkky-dqcq https://github.com/advisories/GHSA-58xm-mxjf-254g 38.0.0
2026-04-01T16:02:18.407999+00:00 GHSA Importer Fixing VCID-fvza-3rhj-8kbp https://github.com/advisories/GHSA-97c3-w9cr-6qc2 38.0.0
2026-04-01T16:02:18.379084+00:00 GHSA Importer Fixing VCID-b4zg-38x9-23dn https://github.com/advisories/GHSA-3q84-vrvx-rfvf 38.0.0
2026-04-01T16:02:18.285413+00:00 GHSA Importer Fixing VCID-remx-jas5-1bfm https://github.com/advisories/GHSA-8xg4-xq2v-v6j7 38.0.0
2026-04-01T16:02:18.154203+00:00 GHSA Importer Fixing VCID-53km-desw-w7d6 https://github.com/advisories/GHSA-c5r9-rx53-q3gf 38.0.0
2026-04-01T16:02:18.126935+00:00 GHSA Importer Fixing VCID-nq1x-s9hz-a7fb https://github.com/advisories/GHSA-cvvm-4cr9-r436 38.0.0
2026-04-01T16:02:18.008932+00:00 GHSA Importer Fixing VCID-zgtd-8mf6-ruc9 https://github.com/advisories/GHSA-cv2w-q8c3-xjv7 38.0.0
2026-04-01T13:11:54.057978+00:00 GithubOSV Importer Fixing VCID-fvza-3rhj-8kbp https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-97c3-w9cr-6qc2/GHSA-97c3-w9cr-6qc2.json 38.0.0
2026-04-01T13:11:31.067510+00:00 GithubOSV Importer Fixing VCID-r3v1-qkky-dqcq https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-58xm-mxjf-254g/GHSA-58xm-mxjf-254g.json 38.0.0
2026-04-01T13:11:30.970635+00:00 GithubOSV Importer Fixing VCID-nq1x-s9hz-a7fb https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-cvvm-4cr9-r436/GHSA-cvvm-4cr9-r436.json 38.0.0
2026-04-01T13:10:33.140982+00:00 GithubOSV Importer Fixing VCID-h3nf-gwsr-5qf3 https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-pgj6-jmj5-wqfx/GHSA-pgj6-jmj5-wqfx.json 38.0.0
2026-04-01T13:10:28.175249+00:00 GithubOSV Importer Fixing VCID-wuvf-kdtu-tkc2 https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-929w-q433-4h9x/GHSA-929w-q433-4h9x.json 38.0.0
2026-04-01T13:10:16.403923+00:00 GithubOSV Importer Fixing VCID-zgtd-8mf6-ruc9 https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-cv2w-q8c3-xjv7/GHSA-cv2w-q8c3-xjv7.json 38.0.0
2026-04-01T13:10:13.702855+00:00 GithubOSV Importer Fixing VCID-b4zg-38x9-23dn https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-3q84-vrvx-rfvf/GHSA-3q84-vrvx-rfvf.json 38.0.0
2026-04-01T13:09:46.226323+00:00 GithubOSV Importer Fixing VCID-1kf2-8j67-7kg3 https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-4g38-hrm4-rg94/GHSA-4g38-hrm4-rg94.json 38.0.0
2026-04-01T13:09:46.139660+00:00 GithubOSV Importer Fixing VCID-53km-desw-w7d6 https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-c5r9-rx53-q3gf/GHSA-c5r9-rx53-q3gf.json 38.0.0
2026-04-01T13:09:37.443011+00:00 GithubOSV Importer Fixing VCID-kf3a-yce1-auh4 https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-2c79-h2h5-g3fw/GHSA-2c79-h2h5-g3fw.json 38.0.0
2026-04-01T13:09:13.392980+00:00 GithubOSV Importer Fixing VCID-remx-jas5-1bfm https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-8xg4-xq2v-v6j7/GHSA-8xg4-xq2v-v6j7.json 38.0.0
2026-04-01T13:09:02.179396+00:00 GithubOSV Importer Fixing VCID-r3ry-745m-zuh1 https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-j3cq-h6vh-gx7f/GHSA-j3cq-h6vh-gx7f.json 38.0.0
2026-04-01T13:07:41.929831+00:00 GithubOSV Importer Fixing VCID-7w87-bm8n-bbbr https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-m9hr-259f-2v23/GHSA-m9hr-259f-2v23.json 38.0.0
2026-04-01T12:49:00.144924+00:00 GitLab Importer Affected by VCID-kf3a-yce1-auh4 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.jenkins-ci.main/jenkins-core/CVE-2021-21691.yml 38.0.0
2026-04-01T12:49:00.098563+00:00 GitLab Importer Affected by VCID-h3nf-gwsr-5qf3 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.jenkins-ci.main/jenkins-core/CVE-2021-21694.yml 38.0.0
2026-04-01T12:49:00.081793+00:00 GitLab Importer Affected by VCID-fvza-3rhj-8kbp https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.jenkins-ci.main/jenkins-core/CVE-2021-21690.yml 38.0.0
2026-04-01T12:49:00.057612+00:00 GitLab Importer Affected by VCID-7w87-bm8n-bbbr https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.jenkins-ci.main/jenkins-core/CVE-2021-21688.yml 38.0.0
2026-04-01T12:49:00.012115+00:00 GitLab Importer Affected by VCID-remx-jas5-1bfm https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.jenkins-ci.main/jenkins-core/CVE-2021-21692.yml 38.0.0
2026-04-01T12:48:59.977262+00:00 GitLab Importer Affected by VCID-b4zg-38x9-23dn https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.jenkins-ci.main/jenkins-core/CVE-2021-21687.yml 38.0.0
2026-04-01T12:48:59.960931+00:00 GitLab Importer Affected by VCID-1kf2-8j67-7kg3 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.jenkins-ci.main/jenkins-core/CVE-2021-21686.yml 38.0.0
2026-04-01T12:48:59.943682+00:00 GitLab Importer Affected by VCID-nq1x-s9hz-a7fb https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.jenkins-ci.main/jenkins-core/CVE-2021-21695.yml 38.0.0
2026-04-01T12:48:59.926834+00:00 GitLab Importer Affected by VCID-wuvf-kdtu-tkc2 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.jenkins-ci.main/jenkins-core/CVE-2021-21693.yml 38.0.0
2026-04-01T12:48:59.861649+00:00 GitLab Importer Affected by VCID-r3ry-745m-zuh1 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.jenkins-ci.main/jenkins-core/CVE-2021-21689.yml 38.0.0
2026-04-01T12:48:59.846535+00:00 GitLab Importer Affected by VCID-r3v1-qkky-dqcq https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.jenkins-ci.main/jenkins-core/CVE-2021-21685.yml 38.0.0