Jenkins Incorrect Authorization Vulnerability (CVE-2021-21609)

Description

Jenkins 2.274 and earlier, LTS 2.263.1 and earlier does not correctly match requested URLs to the list of always accessible paths, allowing attackers without Overall/Read permission to access some URLs as if they did have Overall/Read permission.

Remediation

References

CVE-2021-21609

Related Vulnerabilities

WordPress Plugin Import XML and RSS Feeds Arbitrary File Upload (2.1.5)

WordPress Plugin Media Search Enhanced SQL Injection (0.6.0)

osCommerce Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') Vulnerability (CVE-2020-27976)

Envoy Proxy Always-Incorrect Control Flow Implementation Vulnerability (CVE-2022-21655)

WordPress Plugin Brizy-Page Builder Multiple Vulnerabilities (2.3.11)

Severity

Medium

Classification

CVE-2021-21609 CWE-863 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N