CVE-2021-21697

EPSS 0.86%
Published 04.11.2021 17:15:08
Last modified 21.11.2024 05:48:51
Source jenkinsci-cert@googlegroups.co
Teams watchlist Login
Open Login

Jenkins 2.318 and earlier, LTS 2.303.2 and earlier allows any agent to read and write the contents of any build directory stored in Jenkins with very few restrictions.

Affected products Warnungen 0 Metrics 3 CWE 0 References 5

Data is provided by the National Vulnerability Database (NVD)

Jenkins ≫ Jenkins SwEditionlts Version <= 2.303.2

Jenkins ≫ Jenkins SwEdition- Version <= 2.318

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.86%	0.742

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	9.1	3.9	5.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
nvd@nist.gov	6.4	10	4.9	AV:N/AC:L/Au:N/C:P/I:P/A:N

http://www.openwall.com/lists/oss-security/2021/11/04/3

Third Party Advisory

Mailing List

https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2428

Patch

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2021-21697

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-21697

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-21697

EUVD