Published: 13/01/2021 Updated: 25/10/2023

CVSS v2 Base Score: 4 | Impact Score: 2.9 | Exploitability Score: 8

CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8

VMScore: 356

Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P

Jenkins 2.274 and previous versions, LTS 2.263.1 and previous versions does not limit sizes provided as query parameters to graph-rendering URLs, allowing malicious users to request crafted URLs that use all available memory in Jenkins, potentially leading to out of memory errors.

Vulnerable Product	Search on Vulmon	Subscribe to Product
jenkins jenkins

Synopsis Important: OpenShift Container Platform 4617 security and packages update Type/Severity Security Advisory: Important Topic Red Hat OpenShift Container Platform release 4617 is now available withupdates to packages and images that fix several bugsThis release includes a security update for Red ...

Jenkins renders several different graphs for features like agent and label usage statistics, memory usage, or various plugin-provided statistics Jenkins 2274 and earlier, LTS 22631 and earlier does not limit the graph size provided as query parameters This allows attackers to request or to have legitimate Jenkins users request crafted URLs tha ...

CWE-770 https://www.jenkins.io/security/advisory/2021-01-13/#SECURITY-2025 https://access.redhat.com/errata/RHSA-2021:0423 https://nvd.nist.gov https://security.archlinux.org/CVE-2021-21607

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2021-21607

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect