CVE-2021-21671 log

Source
Severity High
Remote Yes
Type Authentication bypass
Description
Jenkins 2.299 and earlier does not invalidate the existing session on login. This allows attackers to use social engineering techniques to gain administrator access to Jenkins. Jenkins 2.300 invalidates the existing session on login.
Group Package Affected Fixed Severity Status Ticket
AVG-2118 jenkins 2.299-1 2.300-1 High Fixed
Date Advisory Group Package Severity Type
01 Jul 2021 ASA-202107-5 AVG-2118 jenkins High multiple issues
References
https://www.jenkins.io/security/advisory/2021-06-30/#SECURITY-2371
https://github.com/jenkinsci/jenkins/commit/25a42f3942fd9f8bd768c887c679dbc796b4fcd5