CVE-2021-21604
jenkins: Improper handling of REST API XML deserialization errors
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Jenkins 2.274 and earlier, LTS 2.263.1 and earlier allows attackers with permission to create or configure various objects to inject crafted content into Old Data Monitor that results in the instantiation of potentially unsafe objects once discarded by an administrator.
Jenkins versiones 2.274 y anteriores, LTS versiones 2.263.1 y anteriores, permite a atacantes con permiso para crear o configurar varios objetos para inyectar contenido diseñado en Old Data Monitor que resulta en la instanciación de objetos potencialmente no seguros una vez que son descartados por un administrador.
A flaw was found in jenkins. An attacker with permission to create or configure various objects to inject crafted content into Old Data Monitor can cause the instantiation of potentially unsafe objects once discarded by an administrator. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2021-01-04 CVE Reserved
- 2021-01-13 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-03 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-502: Deserialization of Untrusted Data
CAPEC
References (3)
URL | Tag | Source |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://www.jenkins.io/security/advisory/2021-01-13/#SECURITY-1923 | 2023-10-25 | |
https://access.redhat.com/security/cve/CVE-2021-21604 | 2021-03-03 | |
https://bugzilla.redhat.com/show_bug.cgi?id=1925157 | 2021-03-03 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Jenkins Search vendor "Jenkins" | Jenkins Search vendor "Jenkins" for product "Jenkins" | <= 2.263.1 Search vendor "Jenkins" for product "Jenkins" and version " <= 2.263.1" | lts |
Affected
| ||||||
Jenkins Search vendor "Jenkins" | Jenkins Search vendor "Jenkins" for product "Jenkins" | <= 2.274 Search vendor "Jenkins" for product "Jenkins" and version " <= 2.274" | - |
Affected
|