BIT-jenkins-2021-21697

See a problem?

Import Source

https://github.com/bitnami/vulndb/tree/main/data/jenkins/BIT-jenkins-2021-21697.json

JSON Data

https://api.osv.dev/v1/vulns/BIT-jenkins-2021-21697

Aliases

CVE-2021-21697
GHSA-cv2w-q8c3-xjv7

Published

2024-03-06T10:59:02.688Z

Modified

2025-04-03T14:40:37.652Z

Summary

[none]

Details

Jenkins 2.318 and earlier, LTS 2.303.2 and earlier allows any agent to read and write the contents of any build directory stored in Jenkins with very few restrictions.

Database specific

{
    "cpes": [
        "cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*",
        "cpe:2.3:a:jenkins:jenkins:*:*:*:*:-:*:*:*"
    ],
    "severity": "Critical"
}

References

http://www.openwall.com/lists/oss-security/2021/11/04/3
https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2428
https://nvd.nist.gov/vuln/detail/CVE-2021-21697

Affected packages

Bitnami / jenkins

Package

Name: jenkins
Purl: pkg:bitnami/jenkins

Severity

9.1 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N CVSS Calculator

Affected ranges

Type: SEMVER
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.318.1