---

ASA-202107-5 - log back

ASA-202107-5 edited at 03 Jul 2021 16:26:04
Workaround	- As a workaround for CVE-2021-21670, do not grant Item/Cancel permission to users who do not have Item/Read permission. No known workaround exists for CVE-2021-21671. + As a workaround for CVE-2021-21670, do not grant Item/Cancel permission + to users who do not have Item/Read permission. No known workaround + exists for CVE-2021-21671.
Impact	+ A remote attacker could login into an expired user session. - A remote attacker could login into an expired user session. Additionally, users could cancel queue items and abort builds for which they do not have Item/Read permission. + Additionally, users could cancel queue items and abort builds for which they do not have Item/Read permission.

ASA-202107-5 edited at 01 Jul 2021 12:46:25
Impact	- A remote attacker could login into an expired user session. Additionally, users could cancel queue items and abort builds for which they did not have Item/Read permission. + A remote attacker could login into an expired user session. Additionally, users could cancel queue items and abort builds for which they do not have Item/Read permission.

ASA-202107-5 edited at 01 Jul 2021 12:32:11
Workaround	+ As a workaround for CVE-2021-21670, do not grant Item/Cancel permission to users who do not have Item/Read permission. No known workaround exists for CVE-2021-21671.
Impact	+ A remote attacker could login into an expired user session. Additionally, users could cancel queue items and abort builds for which they did not have Item/Read permission.

ASA-202107-5 created at 01 Jul 2021 12:29:21