CVE-2021-21602
maven/org.jenkins-ci.main/jenkins-core
Improper Link Resolution Before File Access
Jenkins allows reading arbitrary files using the file browser for workspaces and archived artifacts by following symlinks.
All versions after 2.263.1 up to 2.274
Unfortunately, there is no solution available yet.
2021-01-18
source |