{"vulnerability": "CVE-2021-2167", "sightings": [{"uuid": "cb375923-4185-4f5b-b878-6a219bd1c63c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-21677", "type": "seen", "source": "https://t.me/cibsecurity/28088", "content": "\u203c CVE-2021-21677 \u203c\n\nJenkins Code Coverage API Plugin 1.4.0 and earlier does not apply Jenkins JEP-200 deserialization protection to Java objects it deserializes from disk, resulting in a remote code execution vulnerability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-08-31T18:33:39.000000Z"}, {"uuid": "9aa55cb2-634c-4c73-9fce-9e440a6c001e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-21675", "type": "seen", "source": "https://t.me/cibsecurity/25831", "content": "\u203c CVE-2021-21675 \u203c\n\nA cross-site request forgery (CSRF) vulnerability in Jenkins requests-plugin Plugin 2.2.12 and earlier allows attackers to create requests and/or have administrators apply pending requests.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-06-30T20:30:12.000000Z"}, {"uuid": "8d753a8c-e29f-4d23-8c75-9c67cf9de2f7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-21671", "type": "seen", "source": "https://t.me/cibsecurity/25833", "content": "\u203c CVE-2021-21671 \u203c\n\nJenkins 2.299 and earlier, LTS 2.289.1 and earlier does not invalidate the previous session on login.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-06-30T20:30:14.000000Z"}, {"uuid": "b678ff4c-da5d-4d88-a0cb-2bf0d4548365", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-21672", "type": "seen", "source": "https://t.me/cibsecurity/25832", "content": "\u203c CVE-2021-21672 \u203c\n\nJenkins Selenium HTML report Plugin 1.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-06-30T20:30:13.000000Z"}, {"uuid": "0caac7fa-8e30-444f-8f07-48c43f57ef69", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-21679", "type": "seen", "source": "https://t.me/cibsecurity/28093", "content": "\u203c CVE-2021-21679 \u203c\n\nJenkins Azure AD Plugin 179.vf6841393099e and earlier allows attackers to craft URLs that would bypass the CSRF protection of any target URL in Jenkins.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-08-31T18:33:45.000000Z"}, {"uuid": "613ca554-a564-4be8-a3ee-1b4e34e580b3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-21678", "type": "seen", "source": "https://t.me/cibsecurity/28089", "content": "\u203c CVE-2021-21678 \u203c\n\nJenkins SAML Plugin 2.0.7 and earlier allows attackers to craft URLs that would bypass the CSRF protection of any target URL in Jenkins.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-08-31T18:33:40.000000Z"}]}