CVE-2021-21671 - Jenkins 2.299 and earlier, LTS 2.289.1 and earlier does not invalidate the previous session on login

CVE-2021-21671

Summary

Jenkins 2.299 and earlier, LTS 2.289.1 and earlier does not invalidate the previous session on login.

References

Vulnerable Configurations

cpe:2.3:a:jenkins:jenkins:2.277.1:*:*:*:lts:*:*:*
cpe:2.3:a:jenkins:jenkins:2.277.1:*:*:*:lts:*:*:*
cpe:2.3:a:jenkins:jenkins:2.277.2:*:*:*:lts:*:*:*
cpe:2.3:a:jenkins:jenkins:2.277.2:*:*:*:lts:*:*:*
cpe:2.3:a:jenkins:jenkins:2.277.3:*:*:*:lts:*:*:*
cpe:2.3:a:jenkins:jenkins:2.277.3:*:*:*:lts:*:*:*
cpe:2.3:a:jenkins:jenkins:2.277.4:*:*:*:lts:*:*:*
cpe:2.3:a:jenkins:jenkins:2.277.4:*:*:*:lts:*:*:*
cpe:2.3:a:jenkins:jenkins:2.289.1:*:*:*:lts:*:*:*
cpe:2.3:a:jenkins:jenkins:2.289.1:*:*:*:lts:*:*:*
cpe:2.3:a:jenkins:jenkins:2.270:*:*:*:-:*:*:*
cpe:2.3:a:jenkins:jenkins:2.270:*:*:*:-:*:*:*
cpe:2.3:a:jenkins:jenkins:2.274:*:*:*:-:*:*:*
cpe:2.3:a:jenkins:jenkins:2.274:*:*:*:-:*:*:*
cpe:2.3:a:jenkins:jenkins:2.276:*:*:*:-:*:*:*
cpe:2.3:a:jenkins:jenkins:2.276:*:*:*:-:*:*:*
cpe:2.3:a:jenkins:jenkins:2.299:*:*:*:-:*:*:*
cpe:2.3:a:jenkins:jenkins:2.299:*:*:*:-:*:*:*

CVSS

Access

Vector	Complexity	Authentication
NETWORK	HIGH	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:H/Au:N/C:P/I:P/A:P

Last major update

25-10-2023 - 18:16

Published

30-06-2021 - 17:15

Last modified

25-10-2023 - 18:16