cbcvebase.
CVE-2021-21604
published 2021-01-13

CVE-2021-21604: Jenkins 2.274 and earlier, LTS 2.263.1 and earlier allows attackers with permission to create or configure various objects to inject crafted content into Old…

PriorityP340high8CVSS 3.1
AVNACLPRLUIRSUCHIHAH
EPSS
1.68%
74.0th percentile
Jenkins 2.274 and earlier, LTS 2.263.1 and earlier allows attackers with permission to create or configure various objects to inject crafted content into Old Data Monitor that results in the instantiation of potentially unsafe objects once discarded by an administrator.

Affected

9 ranges
VendorProductVersion rangeFixed in
jenkinsanything_goes_formatter_plugin
jenkinsbumblebee_hp_alm_plugin
jenkinsjenkins<= 2.263.1
jenkinsjenkins<= 2.274
jenkinsjenkins_core
jenkinsjenkins_lts
jenkinsjenkins_weekly
jenkinstics_plugin
jenkins_projectjenkinsunspecified – 2.274

CVSS provenance

nvdv3.18.0HIGHCVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
nvdv2.06.0MEDIUMAV:N/AC:M/Au:S/C:P/I:P/A:P
vendor_redhat8.0HIGH
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.