Published: 13/01/2021 Updated: 25/10/2023

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

CVSS v3 Base Score: 5.3 | Impact Score: 1.4 | Exploitability Score: 3.9

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Jenkins 2.274 and previous versions, LTS 2.263.1 and previous versions does not correctly match requested URLs to the list of always accessible paths, allowing attackers without Overall/Read permission to access some URLs as if they did have Overall/Read permission.

Vulnerable Product	Search on Vulmon	Subscribe to Product
jenkins jenkins

Synopsis Important: OpenShift Container Platform 4617 security and packages update Type/Severity Security Advisory: Important Topic Red Hat OpenShift Container Platform release 4617 is now available withupdates to packages and images that fix several bugsThis release includes a security update for Red ...

Jenkins includes a static list of URLs that are always accessible even without Overall/Read permission, such as the login form These URLs are excluded from an otherwise universal permission check Jenkins 2274 and earlier, LTS 22631 and earlier does not correctly compare requested URLs with that list This allows attackers without Overall/Read ...

CWE-863 https://www.jenkins.io/security/advisory/2021-01-13/#SECURITY-2047 https://access.redhat.com/errata/RHSA-2021:0423 https://nvd.nist.gov https://security.archlinux.org/CVE-2021-21609

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2021-21609

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect