Home
Packages
Forums
Wiki
GitLab
Security
AUR
Download

issues
advisories
todo
stats
log
login

CVE-2021-21671 - log back

CVE-2021-21671 edited at 01 Jul 2021 10:15:23

Severity

-	Unknown
+	High

Remote

-	Unknown
+	Remote

Type

-	Unknown
+	Authentication bypass

Description

+	Jenkins 2.299 and earlier does not invalidate the existing session on login. This allows attackers to use social engineering techniques to gain administrator access to Jenkins. Jenkins 2.300 invalidates the existing session on login.

References

+	https://www.jenkins.io/security/advisory/2021-06-30/#SECURITY-2371
+	https://github.com/jenkinsci/jenkins/commit/25a42f3942fd9f8bd768c887c679dbc796b4fcd5

Notes

CVE-2021-21671 created at 01 Jul 2021 09:37:13