CVE-2021-21698 — Path traversal vulnerability in Jenkins Subversion Plugin allows reading arbitra

Description

Subversion Plugin 2.15.0 and earlier does not restrict the name of a file when looking up a subversion key file on the controller from an agent. This allows attackers able to control agent processes to read arbitrary files on the Jenkins controller file system. Subversion Plugin 2.15.1 checks for the presence of and prohibits directory separator characters as part of the file name, restricting it to the intended directory.

How to fix CVE-2021-21698

To remediate CVE-2021-21698, upgrade the affected package to a fixed version below.

—upgrade to 2.15.1 or later

Is CVE-2021-21698 being exploited?

Low — EPSS is 3.7%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

from 0, < 2.15.1

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	MEDIUM6.5	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

References (5)

ADVISORYnvd.nist.gov/vuln/detail/CVE-2021-21698
PATCHgithub.com/jenkinsci/subversion-plugin
WEBgithub.com/jenkinsci/subversion-plugin/commit/7d1525edea6641a2febd3f7deeac55c0a89b0d7e
WEBwww.jenkins.io/security/advisory/2021-11-04/#SECURITY-2506