CVE-2021-21697

CRITICAL

Jenkins <2.318-<2.303.2 - Info Disclosure

Title source: llm

Description

Jenkins 2.318 and earlier, LTS 2.303.2 and earlier allows any agent to read and write the contents of any build directory stored in Jenkins with very few restrictions.

References (2)

Core References
Patch, Vendor Advisory x_refsource_confirm
https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2428
Mailing List, Third Party Advisory mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2021/11/04/3

Scores

CVSS v3 9.1
EPSS 0.0146
EPSS Percentile 81.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Details

Status published
Products (3)
jenkins/jenkins < 2.303.2
jenkins/jenkins < 2.318
org.jenkins-ci.main/jenkins-core 0 - 2.303.3 (Maven)
Published Nov 04, 2021
Tracked Since Feb 18, 2026