Description

Jenkins 2.274 and earlier, LTS 2.263.1 and earlier allows users with Agent/Configure permission to choose agent names that cause Jenkins to override the global `config.xml` file.

Remediation

References

CVE-2021-21605

Related Vulnerabilities

Payara URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2024-7312)

Drupal Other Vulnerability (CVE-2005-3975)

WordPress Plugin iTwitter Multiple Vulnerabilities (0.04)

WordPress Plugin MetaSlider Cross-Site Scripting (2.6.2)

WordPress Plugin uTubeVideo Gallery Unspecified Vulnerability (2.0.6)

Severity

High

Classification

CVE-2021-21605 CWE-22 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities