Vulnerability Details: CVE-2021-21615
Jenkins 2.275 and LTS 2.263.2 allow reading arbitrary files using the file browser for workspaces and archived artifacts due to a time-of-check to time-of-use (TOCTOU) race condition.
Threat overview for CVE-2021-21615
Top open port discovered on systems with this issue: 80
IPs affected by CVE-2021-21615: 15,886
Threat actors abusing this issue? Yes
Exploit prediction scoring system (EPSS) score for CVE-2021-21615
Probability of exploitation activity in the next 30 days: 0.07%
CVSS scores for CVE-2021-21615
|Base Score||Base Severity||CVSS Vector||Exploitability Score||Impact Score||Source|
CWE ids for CVE-2021-21615
The product checks the state of a resource before using that resource, but the resource's state can change between the check and the use in a way that invalidates the results of the check. This can cause the product to perform invalid actions when the resource is in an unexpected state.
Assigned by:
- email@example.com (Secondary)
- firstname.lastname@example.org (Primary)
References for CVE-2021-21615
- Jenkins Security Advisory 2021-01-26 (Vendor Advisory)
- oss-security - Vulnerability in Jenkins (Mailing List; Third Party Advisory)