CVE-2021-21671 log
| Source |
|
| Severity | High |
| Remote | Yes |
| Type | Authentication bypass |
| Description | Jenkins 2.299 and earlier does not invalidate the existing session on login. This allows attackers to use social engineering techniques to gain administrator access to Jenkins. Jenkins 2.300 invalidates the existing session on login. |
| Group | Package | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|---|
| AVG-2118 | jenkins | 2.299-1 | 2.300-1 | High | Fixed |
| Date | Advisory | Group | Package | Severity | Type |
|---|---|---|---|---|---|
| 01 Jul 2021 | ASA-202107-5 | AVG-2118 | jenkins | High | multiple issues |
| References |
|---|
https://www.jenkins.io/security/advisory/2021-06-30/#SECURITY-2371 https://github.com/jenkinsci/jenkins/commit/25a42f3942fd9f8bd768c887c679dbc796b4fcd5 |