CVE-2021-21640 - log

CVE-2021-21640 edited at 21 Apr 2021 12:31:46
Remote
- Local
+ Remote
References
https://www.jenkins.io/security/advisory/2021-04-07/#SECURITY-1871
- https://nvd.nist.gov/vuln/detail/CVE-2021-21640
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21640
https://www.openwall.com/lists/oss-security/2021/04/07/2
CVE-2021-21640 edited at 08 Apr 2021 01:56:37
References
https://www.jenkins.io/security/advisory/2021-04-07/#SECURITY-1871
https://nvd.nist.gov/vuln/detail/CVE-2021-21640
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21640
+ https://www.openwall.com/lists/oss-security/2021/04/07/2
CVE-2021-21640 edited at 07 Apr 2021 17:05:48
Severity
- Unknown
+ Medium
Remote
- Unknown
+ Local
CVE-2021-21640 created at 07 Apr 2021 15:58:56
Severity
+ Unknown
Remote
+ Unknown
Type
+ Insufficient validation
Description
+ Jenkins 2.286 and earlier, LTS 2.277.1 and earlier does not properly check that a newly created view has an allowed name, allowing attackers with View/Create permission to create views with invalid or already-used names.
References
+ https://www.jenkins.io/security/advisory/2021-04-07/#SECURITY-1871
+ https://nvd.nist.gov/vuln/detail/CVE-2021-21640
+ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21640
Notes