CVE-2021-21671 log

Severity High
Remote Yes
Type Authentication bypass
Jenkins 2.299 and earlier does not invalidate the existing session on login. This allows attackers to use social engineering techniques to gain administrator access to Jenkins. Jenkins 2.300 invalidates the existing session on login.
Group Package Affected Fixed Severity Status Ticket
AVG-2118 jenkins 2.299-1 2.300-1 High Fixed
Date Advisory Group Package Severity Type
01 Jul 2021 ASA-202107-5 AVG-2118 jenkins High multiple issues