Description

Jenkins 2.274 and earlier, LTS 2.263.1 and earlier allows users with Agent/Configure permission to choose agent names that cause Jenkins to override the global `config.xml` file.

Remediation

References

CVE-2021-21605

Related Vulnerabilities

WordPress Plugin WP Taxonomy Import Cross-Site Scripting (1.0.4)

WordPress 5.7.x PHP Object Injection (5.7 - 5.7.1)

SharePoint Download of Code Without Integrity Check Vulnerability (CVE-2020-1595)

Apache Traffic Server Improper Input Validation Vulnerability (CVE-2021-44040)

WordPress Plugin Popup Builder-Create highly converting, mobile friendly marketing popups Cross-Site Scripting (4.2.2)

Severity

High

Classification

CVE-2021-21605 CWE-22 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities