CVE-2021-21671 : Jenkins 2.299 and earlier, LTS 2.289.1 and earlier does not invalidate the previ

Jenkins 2.299 and earlier, LTS 2.289.1 and earlier does not invalidate the previous session on login.

Published 2021-06-30 17:15:09

Updated 2023-10-25 18:16:51

Source Jenkins Project

View at NVD, CVE.org

Products affected by CVE-2021-21671

Jenkins » Jenkins » LTS Edition
Versions from including (>=) 2.277.1 and before (<) 2.289.2
cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*
Matching versions
Jenkins » Jenkins »
Versions from including (>=) 2.266 and before (<) 2.300
cpe:2.3:a:jenkins:jenkins:*:*:*:*:-:*:*:*
Matching versions

Top countries where our scanners detected CVE-2021-21671

Top open port discovered on systems with this issue 80

IPs affected by CVE-2021-21671 7,216

Threat actors abusing to this issue? Yes

Find out if you^* are affected by CVE-2021-21671!

^*Directly or indirectly through your vendors, service providers and 3rd parties. Powered by attack surface intelligence from SecurityScorecard.

EPSS FAQ

1.19%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 78 %

Percentile, the proportion of vulnerabilities that are scored at or less

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
5.1	MEDIUM	AV:N/AC:H/Au:N/C:P/I:P/A:P	4.9	6.4	NIST
Access Vector: Network Access Complexity: High Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial
7.5	HIGH	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H	1.6	5.9	NIST
Attack Vector: Network Attack Complexity: High Privileges Required: None User Interaction: Required Scope: Unchanged Confidentiality: High Integrity: High Availability: High

https://www.jenkins.io/security/advisory/2021-06-30/#SECURITY-2371

Jenkins Security Advisory 2021-06-30
Vendor Advisory
http://www.openwall.com/lists/oss-security/2021/06/30/1

oss-security - Multiple vulnerabilities in Jenkins and Jenkins plugins
Mailing List;Third Party Advisory

CVEs referencing this url

Jump to