CVE-2021-21697

Published: Nov 4, 2021Modified: Nov 21, 2024

9.1

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Exploitability: 3.9 / Impact: 5.2

Source: NVD

Description

Jenkins 2.318 and earlier, LTS 2.303.2 and earlier allows any agent to read and write the contents of any build directory stored in Jenkins with very few restrictions.

Affected (2)

Products: Jenkins: Jenkins

Jenkins

1 product

Jenkins

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Jenkins Jenkins	Up to 2.318
Jenkins Jenkins	Up to 2.303.2

References (4)

http://www.openwall.com/lists/oss-security/2021/11/04/3

Source: jenkinsci-cert@googlegroups.com

Mailing ListThird Party Advisory

https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2428

Source: jenkinsci-cert@googlegroups.com

PatchVendor Advisory

http://www.openwall.com/lists/oss-security/2021/11/04/3

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2428

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.