vulnerability

Jenkins Advisory 2021-04-07: CVE-2021-21639: Lack of type validation in agent related REST API

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
4	(AV:N/AC:L/Au:S/C:N/I:P/A:N)	2021-04-07	2021-12-02	2022-07-12

Severity

CVSS

(AV:N/AC:L/Au:S/C:N/I:P/A:N)

Published

2021-04-07

Added

2021-12-02

Modified

2022-07-12

Description

Jenkins 2.286 and earlier, LTS 2.277.1 and earlier does not validate the type of object created after loading the data submitted to the `config.xml` REST API endpoint of a node, allowing attackers with Computer/Configure permission to replace a node with one of a different type.

Solution(s)

jenkins-lts-upgrade-2_277_2jenkins-upgrade-2_287

References

CVE-2021-21639
https://attackerkb.com/topics/CVE-2021-21639
URL-https://jenkins.io/security/advisory/2021-04-07/

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today