Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

Related Vulnerabilities: CVE-2021-21639  

Jenkins 2.286 and earlier, LTS 2.277.1 and earlier does not validate the type of object created after loading the data submitted to the `config.xml` REST API endpoint of a node, allowing attackers with Computer/Configure permission to replace a node with one of a different type.

Source
Severity Low

Remote No

Type Insufficient validation

Description 

Jenkins 2.286 and earlier, LTS 2.277.1 and earlier does not validate the type of object created after loading the data submitted to the `config.xml` REST API endpoint of a node, allowing attackers with Computer/Configure permission to replace a node with one of a different type.

AVG-1781 jenkins 2.286-1 2.287-1 Medium Vulnerable 

https://www.jenkins.io/security/advisory/2021-04-07/#SECURITY-1721
https://nvd.nist.gov/vuln/detail/CVE-2021-21639
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21639

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started