Description
Jenkins 2.299 and earlier, and LTS 2.289.1 and earlier, allow users to cancel queue items and abort builds of jobs for which they have Item/Cancel permission, even when they do not have Item/Read permission.
Remediation
References