CVE-2021-21606

EPSS 0.24%
Veröffentlicht 13.01.2021 16:15:13
Zuletzt bearbeitet 21.11.2024 05:48:41
Quelle jenkinsci-cert@googlegroups.co
Teams Watchlist Login
Unerledigt Login

Jenkins 2.274 and earlier, LTS 2.263.1 and earlier improperly validates the format of a provided fingerprint ID when checking for its existence allowing an attacker to check for the existence of XML files with a short path.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Jenkins ≫ Jenkins SwEditionlts Version <= 2.263.1

Jenkins ≫ Jenkins SwEdition- Version <= 2.274

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.24%	0.465

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4.3	2.8	1.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
nvd@nist.gov	4	8	2.9	AV:N/AC:L/Au:S/C:P/I:N/A:N

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://www.jenkins.io/security/advisory/2021-01-13/#SECURITY-2023

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2021-21606

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-21606

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-21606

EUVD