AVG-2118 log

Package jenkins
Status Fixed
Severity High
Type multiple issues
Affected 2.299-1
Fixed 2.300-1
Current 2.485-1 [extra]
Ticket None
Created Thu Jul 1 09:37:13 2021
Issue Severity Remote Type Description
CVE-2021-21671 High Yes Authentication bypass
Jenkins 2.299 and earlier does not invalidate the existing session on login. This allows attackers to use social engineering techniques to gain...
CVE-2021-21670 Medium Yes Access restriction bypass
Jenkins 2.299 and earlier allows users to cancel queue items and abort builds of jobs for which they have Item/Cancel permission even when they do not have...
Date Advisory Package Type
01 Jul 2021 ASA-202107-5 jenkins multiple issues