Bug 2020341 (CVE-2021-21693)
| Summary: | CVE-2021-21693 jenkins: When creating temporary files, permission to create files is only checked after they’ve been created. | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Michael Kaplan <mkaplan> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED ERRATA | QA Contact: | |
| Severity: | high | Docs Contact: | |
| Priority: | high | ||
| Version: | unspecified | CC: | abenaiss, aileenc, aos-bugs, bmontgom, chazlett, drieden, eparis, ggaughan, gmalinko, janstey, jburrell, jochrist, jokerman, jwon, nstielau, pbhattac, pdelbell, spandura, sponnaga, vkumar |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | jenkins 2.319, jenkins LTS 2.303.3 | Doc Type: | If docs needed, set a value |
| Doc Text: |
An incorrect permissions validation vulnerability was found in Jenkins. The permissions to create temporary files are only checked after they have been created. This may allow an attacker to get access to restricted data.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | 2021-12-02 23:08:44 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 2020611, 2020612, 2020613, 2020614, 2020615, 2020616 | ||
| Bug Blocks: | 2020347 | ||
|
Description
Michael Kaplan
2021-11-04 16:02:29 UTC
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.9 Via RHSA-2021:4833 https://access.redhat.com/errata/RHSA-2021:4833 This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.8 Via RHSA-2021:4829 https://access.redhat.com/errata/RHSA-2021:4829 This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.7 Via RHSA-2021:4801 https://access.redhat.com/errata/RHSA-2021:4801 This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.6 Via RHSA-2021:4799 https://access.redhat.com/errata/RHSA-2021:4799 This issue has been addressed in the following products: Red Hat OpenShift Container Platform 3.11 Via RHSA-2021:4827 https://access.redhat.com/errata/RHSA-2021:4827 This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2021-21693 |