CVE-2021-21677
published 2021-08-31CVE-2021-21677: Jenkins Code Coverage API Plugin 1.4.0 and earlier does not apply Jenkins JEP-200 deserialization protection to Java objects it deserializes from disk…
high8.8CVSS 3.1
AVNACLPRLUINSUCHIHAH
Jenkins Code Coverage API Plugin 1.4.0 and earlier does not apply Jenkins JEP-200 deserialization protection to Java objects it deserializes from disk, resulting in a remote code execution vulnerability.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| jenkins | code_coverage_api | <= 1.4.0 | — |
| jenkins | code_coverage_plugin | — | — |
| jenkins | nested_view_plugin | — | — |
| jenkins | nomad_plugin | — | — |
| jenkins | saml_plugin | — | — |
| jenkins_project | jenkins_code_coverage_api_plugin | unspecified – 1.4.0 | — |