ASA-202107-5 - log

ASA-202107-5 edited at 03 Jul 2021 16:26:04
Workaround
- As a workaround for CVE-2021-21670, do not grant Item/Cancel permission to users who do not have Item/Read permission. No known workaround exists for CVE-2021-21671.
+ As a workaround for CVE-2021-21670, do not grant Item/Cancel permission
+ to users who do not have Item/Read permission. No known workaround
+ exists for CVE-2021-21671.
Impact
+ A remote attacker could login into an expired user session.
- A remote attacker could login into an expired user session. Additionally, users could cancel queue items and abort builds for which they do not have Item/Read permission.
+ Additionally, users could cancel queue items and abort builds for which they do not have Item/Read permission.
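Review bot: The Impact text on the two added lines does not say which CVE each sentence belongs to, although the Workaround field names both CVE-2021-21670 and CVE-2021-21671. The Workaround ties CVE-2021-21670 to the Item/Cancel and Item/Read permissions, so the second added line describes that issue; prefixing each sentence with its CVE id would let a reader match impact to workaround without inferring it. The second added line is also left at full length while the Workaround lines in this same edit were wrapped, so wrap it the same way.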
ASA-202107-5 edited at 01 Jul 2021 12:46:25
Impact
- A remote attacker could login into an expired user session. Additionally, users could cancel queue items and abort builds for which they did not have Item/Read permission.
+ A remote attacker could login into an expired user session. Additionally, users could cancel queue items and abort builds for which they do not have Item/Read permission.
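Review bot: "could login into an expired user session" in the added line uses the noun "login" as a verb; since this sentence is being edited for tense anyway, change it to "could log in to an expired user session". The switch from "did not have" to "do not have" matches the wording already used in the Workaround field.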
ASA-202107-5 edited at 01 Jul 2021 12:32:11
Workaround
+ As a workaround for CVE-2021-21670, do not grant Item/Cancel permission to users who do not have Item/Read permission. No known workaround exists for CVE-2021-21671.
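Review bot: The added Workaround sentence only covers future grants ("do not grant Item/Cancel permission to users who do not have Item/Read permission") and says nothing about accounts that already hold that combination. Suggest wording it so administrators also review existing assignments, for example "ensure no user holds Item/Cancel permission without Item/Read permission".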
Impact
+ A remote attacker could login into an expired user session. Additionally, users could cancel queue items and abort builds for which they did not have Item/Read permission.
ASA-202107-5 created at 01 Jul 2021 12:29:21