CVE-2021-21615

Summary

Jenkins 2.275 and LTS 2.263.2 allows reading arbitrary files using the file browser for workspaces and archived artifacts due to a time-of-check to time-of-use (TOCTOU) race condition.

Affected Software

VendorProductVersion RangeStatus
Jenkins projectJenkins2.275affected
Jenkins projectJenkinsLTS 2.263.2affected

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

References