QID 239919
Date Published: 2021-12-09
QID 239919: Red Hat Update for OpenShift Container Platform 4.9.9 (RHSA-2021:4833)
Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.9.9. See the following advisory for the container images for this release: https://access.redhat.com/errata/RHSA-2021:4834
Security Fix(es): jenkins-2-plugins/subversion: does not restrict the name of a file when looking up a subversion key (CVE-2021-21698)
jenkins: FilePath#mkdirs does not check permission to create parent directories (CVE-2021-21685)
jenkins: File path filters do not canonicalize paths, allowing operations to follow symbolic links to outside allowed directories (CVE-2021-21686)
jenkins: FilePath#untar does not check permission to create symbolic links when unarchiving a symbolic link (CVE-2021-21687)
jenkins: FilePath#reading(FileVisitor) does not reject any operations, allowing users to have unrestricted read access (CVE-2021-21688)
jenkins: FilePath#unzip and FilePath#untar were not subject to any access control (CVE-2021-21689)
jenkins: Agent processes are able to completely bypass file path filtering by wrapping the file operation in an agent file path (CVE-2021-21690)
jenkins: Creating symbolic links is possible without the symlink permission (CVE-2021-21691)
jenkins: The operations FilePath#renameTo and FilePath#moveAllChildrenTo only check read permission on the source path (CVE-2021-21692)
jenkins: When creating temporary files, permission to create files is only checked after they have been created. (CVE-2021-21693)
jenkins: FilePath#toURI, FilePath#hasSymlink, FilePath#absolutize, FilePath#isDescendant, and FilePath#get*DiskSpace do not check any permissions (CVE-2021-21694)
jenkins: FilePath#listFiles lists files outside directories with agent read access when following symbolic links. (CVE-2021-21695)
On successful exploitation, an attacker who controls a Jenkins agent process could bypass the controller's file path filtering to read, write, rename or symlink files outside the directories the agent is allowed to access, which could ultimately allow an attacker to execute code.
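Several of the fixes above (CVE-2021-21686, CVE-2021-21694, CVE-2021-21695) share one root cause: a path allow-list that checks the requested path lexically and never resolves symbolic links, so a link placed inside the permitted directory lets operations escape it. The following Python block is an added illustration of that defect class and of the canonicalizing check that closes it; it is not Jenkins code and does not reproduce the Jenkins FilePath API. The directory layout, file names and function names are constructed for the example, and it assumes a POSIX filesystem where symlinks can be created.

```python
"""Added example: lexical vs canonical path allow-list check.

Not taken from Jenkins or Red Hat; names and layout are illustrative.
"""
import os
import tempfile
from pathlib import Path


def naive_is_allowed(requested: str, allowed_root: str) -> bool:
    """Vulnerable check: normalizes '..' lexically but never resolves
    symlinks, so a link inside allowed_root that points outside passes."""
    norm = os.path.normpath(os.path.join(allowed_root, requested))
    return norm == allowed_root or norm.startswith(allowed_root + os.sep)


def canonical_is_allowed(requested: str, allowed_root: str) -> bool:
    """Hardened check: resolve both the root and the target with realpath
    (following symlinks) before testing descendancy."""
    root = os.path.realpath(allowed_root)
    target = os.path.realpath(os.path.join(allowed_root, requested))
    try:
        Path(target).relative_to(root)
    except ValueError:
        return False
    return True


def demo() -> dict:
    """Build a constructed workspace and compare both checks.

    Layout (constructed for this example):
      <tmp>/workspace/            the directory the agent may touch
      <tmp>/workspace/escape  ->  <tmp>/secrets   (symlink planted by agent)
      <tmp>/secrets/credentials.xml               (controller-only file)
    """
    with tempfile.TemporaryDirectory() as tmp:
        allowed = os.path.join(tmp, "workspace")
        secret_dir = os.path.join(tmp, "secrets")
        os.makedirs(allowed)
        os.makedirs(secret_dir)
        with open(os.path.join(secret_dir, "credentials.xml"), "w") as fh:
            fh.write("constructed secret\n")
        # The symlink itself sits under the allowed root, so a lexical
        # check sees an in-bounds path; only realpath reveals the escape.
        os.symlink(secret_dir, os.path.join(allowed, "escape"))

        escaping = "escape/credentials.xml"
        legitimate = "build.log"  # does not need to exist for the check
        return {
            "naive_allows_escape": naive_is_allowed(escaping, allowed),
            "canonical_allows_escape": canonical_is_allowed(escaping, allowed),
            "canonical_allows_legit": canonical_is_allowed(legitimate, allowed),
        }


if __name__ == "__main__":
    print(demo())
```

The naive check accepts the symlinked path because the string starts with the allowed root; the canonical check rejects it because, after resolution, the target lives in a sibling directory. The same canonicalize-then-compare step is what a filter must apply before any read, write, rename, unzip or untar operation, not just the few operations that happened to be guarded.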
Refer to Red Hat security advisory RHSA-2021:4833 to address this issue and obtain more information.
- RHSA-2021:4833 - https://access.redhat.com/errata/RHSA-2021:4833?language=en
CVEs related to QID 239919
| Advisory ID | Software | Component | Link |
|---|---|---|---|
| RHSA-2021:4833 | Red Hat Enterprise Linux | | https://access.redhat.com/errata/RHSA-2021:4833 |