jenkins: Arbitrary file read vulnerability in workspace browsers (CVE-2021-21615)
Jenkins 2.275 and LTS 2.263.2 allows reading arbitrary files using the file browser for workspaces and archived artifacts due to a time-of-check to time-of-use (TOCTOU) race condition.
This issue is caused by an incorrectly applied fix for SECURITY-1452 / CVE-2021-21602 in the 2021-01-13 security advisory.
Fixed In Version:
jenkins 2.276, jenkins LTS 2.263.3
- master (c3c5fbed)