ID CVE-2021-21671
Summary Jenkins 2.299 and earlier, LTS 2.289.1 and earlier does not invalidate the previous session on login.
References
Vulnerable Configurations
  • cpe:2.3:a:jenkins:jenkins:2.277.1:*:*:*:lts:*:*:*
    cpe:2.3:a:jenkins:jenkins:2.277.1:*:*:*:lts:*:*:*
  • cpe:2.3:a:jenkins:jenkins:2.277.2:*:*:*:lts:*:*:*
    cpe:2.3:a:jenkins:jenkins:2.277.2:*:*:*:lts:*:*:*
  • cpe:2.3:a:jenkins:jenkins:2.277.3:*:*:*:lts:*:*:*
    cpe:2.3:a:jenkins:jenkins:2.277.3:*:*:*:lts:*:*:*
  • cpe:2.3:a:jenkins:jenkins:2.277.4:*:*:*:lts:*:*:*
    cpe:2.3:a:jenkins:jenkins:2.277.4:*:*:*:lts:*:*:*
  • cpe:2.3:a:jenkins:jenkins:2.289.1:*:*:*:lts:*:*:*
    cpe:2.3:a:jenkins:jenkins:2.289.1:*:*:*:lts:*:*:*
  • cpe:2.3:a:jenkins:jenkins:2.270:*:*:*:-:*:*:*
    cpe:2.3:a:jenkins:jenkins:2.270:*:*:*:-:*:*:*
  • cpe:2.3:a:jenkins:jenkins:2.274:*:*:*:-:*:*:*
    cpe:2.3:a:jenkins:jenkins:2.274:*:*:*:-:*:*:*
  • cpe:2.3:a:jenkins:jenkins:2.276:*:*:*:-:*:*:*
    cpe:2.3:a:jenkins:jenkins:2.276:*:*:*:-:*:*:*
  • cpe:2.3:a:jenkins:jenkins:2.299:*:*:*:-:*:*:*
    cpe:2.3:a:jenkins:jenkins:2.299:*:*:*:-:*:*:*
CVSS
Base: 5.1 (as of 25-10-2023 - 18:16)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK HIGH NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:H/Au:N/C:P/I:P/A:P
Last major update 25-10-2023 - 18:16
Published 30-06-2021 - 17:15
Last modified 25-10-2023 - 18:16
Back to Top