Description

Jenkins 2.274 and earlier, LTS 2.263.1 and earlier allows users with Agent/Configure permission to choose agent names that cause Jenkins to override the global `config.xml` file.

Remediation

References

CVE-2021-21605

Related Vulnerabilities

WordPress Plugin stm-megamenu Local File Inclusion (2.3.12)

Squid Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-10002)

Jenkins Permissions, Privileges, and Access Controls Vulnerability (CVE-2016-3722)

IBM RTC Cross-site Scripting (XSS) Vulnerability (CVE-2020-4733)

WordPress Plugin WordPress Mega Menu-QuadMenu Remote Code Execution (2.0.6)

Severity

High

Classification

CVE-2021-21605 CWE-22 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities