CVE-2021-21671 - log back

CVE-2021-21671 edited at 01 Jul 2021 10:15:23
Severity
- Unknown
+ High
Remote
- Unknown
+ Remote
Type
- Unknown
+ Authentication bypass
Description
+ Jenkins 2.299 and earlier does not invalidate the existing session on login (session fixation). An attacker who can get a victim to log in while using a session ID the attacker already holds, for example through social engineering, inherits the victim's authenticated session; if the victim is an administrator, this gives the attacker administrator access to Jenkins. Jenkins 2.300 invalidates the existing session on login.
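The following is an added, generic model of the session-fixation class described above; it is not Jenkins code and not taken from the advisory or the linked commit. `SessionStore`, `login_vulnerable`, `login_fixed` and `fixation_attack` are names chosen here, the credential in `USERS` is constructed sample data, and the social-engineering step is modelled simply as the victim presenting a session ID the attacker created. It contrasts a login handler that keeps the pre-login session with one that invalidates it and issues a fresh ID, which is the behaviour change the advisory describes for 2.300.

```python
import secrets
from typing import Callable, Dict, Optional

# Constructed sample credential store; a real server would hold password hashes.
USERS: Dict[str, str] = {"admin": "correct horse battery staple"}


class SessionStore:
    """Server-side sessions: session id -> authenticated user (None = anonymous)."""

    def __init__(self) -> None:
        self._sessions: Dict[str, Optional[str]] = {}

    def create(self) -> str:
        """Mint a new anonymous session with an unguessable id."""
        sid = secrets.token_hex(16)
        self._sessions[sid] = None
        return sid

    def invalidate(self, sid: str) -> None:
        """Forget a session; an id that was never issued is ignored."""
        self._sessions.pop(sid, None)

    def whoami(self, sid: str) -> Optional[str]:
        """User bound to the id, or None if anonymous or unknown."""
        return self._sessions.get(sid)

    def bind(self, sid: str, user: str) -> None:
        if sid not in self._sessions:
            raise KeyError("unknown session")
        self._sessions[sid] = user


def _check_password(user: str, password: str) -> bool:
    # Constant-time comparison against the (constructed) sample store.
    return secrets.compare_digest(USERS.get(user, ""), password)


def login_vulnerable(store: SessionStore, sid: str, user: str,
                     password: str) -> Optional[str]:
    """Pre-fix behaviour: the session the client presented stays valid and is
    simply upgraded to the authenticated user, so whoever else knows that id
    is now logged in too. Returns the session id on success, None on failure."""
    if not _check_password(user, password):
        return None
    store.bind(sid, user)
    return sid


def login_fixed(store: SessionStore, sid: str, user: str,
                password: str) -> Optional[str]:
    """Post-fix behaviour: drop the pre-login session and issue a fresh id
    before binding the user to it. Returns the new id on success, None on
    failure. A real servlet does the same with HttpSession.invalidate()
    followed by creating a new session."""
    if not _check_password(user, password):
        return None
    store.invalidate(sid)
    new_sid = store.create()
    store.bind(new_sid, user)
    return new_sid


def fixation_attack(login: Callable[..., Optional[str]]) -> Optional[str]:
    """Replay the fixation scenario against a login handler and return which
    user the attacker's planted id resolves to afterwards."""
    store = SessionStore()
    planted = store.create()  # attacker obtains an anonymous session id
    # The victim (an administrator) is tricked into logging in with that id.
    login(store, planted, "admin", USERS["admin"])
    # The attacker now presents the planted id to the server.
    return store.whoami(planted)


if __name__ == "__main__":
    print("vulnerable handler, attacker's id resolves to:",
          fixation_attack(login_vulnerable))
    print("fixed handler, attacker's id resolves to:",
          fixation_attack(login_fixed))
```

The same structure doubles as a black-box check for any web application: capture the session cookie before login, log in, and fail the test if the server still honours the old value or returned the same one; `login_fixed` is the behaviour that passes.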
References
+ https://www.jenkins.io/security/advisory/2021-06-30/#SECURITY-2371
+ https://github.com/jenkinsci/jenkins/commit/25a42f3942fd9f8bd768c887c679dbc796b4fcd5
Notes
CVE-2021-21671 created at 01 Jul 2021 09:37:13