CVE Vulnerabilities

CVE-2021-21697

Published: Nov 04, 2021 | Modified: Nov 03, 2023
CVSS 3.x
9.1
CRITICAL
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
CVSS 2.x
6.4 MEDIUM
AV:N/AC:L/Au:N/C:P/I:P/A:N
RedHat/V2
RedHat/V3
8.8 IMPORTANT
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Ubuntu

Jenkins 2.318 and earlier, LTS 2.303.2 and earlier allows any agent to read and write the contents of any build directory stored in Jenkins with very few restrictions.

Affected Software

Name Vendor Start Version End Version
Jenkins Jenkins * 2.303.2 (including)
Jenkins Jenkins * 2.318 (including)
Red Hat OpenShift Container Platform 3.11 RedHat jenkins-0:2.303.3.1637698110-1.el7 *
Red Hat OpenShift Container Platform 4.6 RedHat jenkins-0:2.303.3.1637597493-1.el8 *
Red Hat OpenShift Container Platform 4.7 RedHat jenkins-0:2.303.3.1637597018-1.el8 *
Red Hat OpenShift Container Platform 4.8 RedHat jenkins-0:2.303.3.1637596565-1.el8 *
Red Hat OpenShift Container Platform 4.9 RedHat jenkins-0:2.303.3.1637595827-1.el8 *

References