Main Vulnerability Database Vulnerabilities #VU57990

#VU57990 Missing Authorization in Jenkins and Jenkins LTS - CVE-2021-21697

Published: November 8, 2021

Vulnerability identifier: #VU57990

Vulnerability risk: High

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2021-21697

CWE-ID: CWE-862

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Jenkins
Jenkins LTS

Software vendor:
Jenkins

Description

The vulnerability allows a remote attacker to bypass authorization checks.

The vulnerability exists due to the affected application allows any agent to read and write the contents of any build directory stored in Jenkins with very few restrictions. A remote attacker can compromise the target system.

Remediation

Install updates from vendor's website.

External links

https://jenkins.io/security/advisory/2021-11-04/

#VU57990 Missing Authorization in Jenkins and Jenkins LTS - CVE-2021-21697

Description

Remediation

External links

Please verify you're human