CVE-2021-21639 - log

CVE-2021-21639 edited at 21 Apr 2021 12:30:11
Severity
- Low
+ Medium
Remote
- Local
+ Remote
References
https://www.jenkins.io/security/advisory/2021-04-07/#SECURITY-1721
- https://nvd.nist.gov/vuln/detail/CVE-2021-21639
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21639
https://www.openwall.com/lists/oss-security/2021/04/07/2
CVE-2021-21639 edited at 08 Apr 2021 01:56:01
Description
- Jenkins 2.286 and earlier, LTS 2.277.1 and earlier does not validate the type of object created after loading the data submitted to the `config.xml` REST API endpoint of a node, allowing attackers with Computer/Configure permission to replace a node with one of a different type.
+ Jenkins 2.286 and earlier, LTS 2.277.1 and earlier does not validate the type of object created after loading the data submitted to the config.xml REST API endpoint of a node, allowing attackers with Computer/Configure permission to replace a node with one of a different type.
References
https://www.jenkins.io/security/advisory/2021-04-07/#SECURITY-1721
https://nvd.nist.gov/vuln/detail/CVE-2021-21639
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21639
+ https://www.openwall.com/lists/oss-security/2021/04/07/2
CVE-2021-21639 edited at 07 Apr 2021 17:05:13
References
https://www.jenkins.io/security/advisory/2021-04-07/#SECURITY-1721
https://nvd.nist.gov/vuln/detail/CVE-2021-21639
- ttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21639
+ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21639
CVE-2021-21639 edited at 07 Apr 2021 17:05:04
Severity
- Unknown
+ Low
References
- https://www.jenkins.io/security/advisory/2021-04-07/
+ https://www.jenkins.io/security/advisory/2021-04-07/#SECURITY-1721
https://nvd.nist.gov/vuln/detail/CVE-2021-21639
+ ttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21639
CVE-2021-21639 created at 07 Apr 2021 15:56:15
Severity
+ Unknown
Remote
+ Local
Type
+ Insufficient validation
Description
+ Jenkins 2.286 and earlier, LTS 2.277.1 and earlier does not validate the type of object created after loading the data submitted to the `config.xml` REST API endpoint of a node, allowing attackers with Computer/Configure permission to replace a node with one of a different type.
References
+ https://www.jenkins.io/security/advisory/2021-04-07/
+ https://nvd.nist.gov/vuln/detail/CVE-2021-21639
Notes