CVE-2021-21615
published 2021-01-26

CVE-2021-21615: Jenkins 2.275 and LTS 2.263.2 allows reading arbitrary files using the file browser for workspaces and archived artifacts due to a time-of-check to time-of-use…

Priority: P4 (32)
Severity: medium (CVSS 3.1 base score 5.3)
CVSS 3.1 vector: AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS: 0.90% (55.1th percentile)
Jenkins 2.275 and LTS 2.263.2 allows reading arbitrary files using the file browser for workspaces and archived artifacts due to a time-of-check to time-of-use (TOCTOU) race condition.

Affected (7 ranges)

Vendor          | Product         | Version range | Fixed in
jenkins         | jenkins         | < 2.263.3     | 2.263.3
jenkins         | jenkins         | < 2.276       | 2.276
jenkins         | jenkins_core    |               |
jenkins         | jenkins_lts     |               |
jenkins         | jenkins_weekly  |               |
jenkins_project | jenkins         |               |
jenkins_project | jenkins         |               |

CVSS provenance

Source        | CVSS version | Score | Severity | Vector
nvd           | v3.1         | 5.3   | MEDIUM   | CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
nvd           | v2.0         | 3.5   | LOW      | AV:N/AC:M/Au:S/C:P/I:N/A:N
ghsa          |              | 6.5   | MEDIUM   |
osv           |              | 6.5   | MEDIUM   |
vendor_redhat |              | 5.3   | MEDIUM   |