Vulnerability Database

296,746

Total vulnerabilities in the database

CVE-2021-21605

Jenkins 2.274 and earlier, LTS 2.263.1 and earlier allows users with Agent/Configure permission to choose agent names that cause Jenkins to override the global config.xml file.

Published: Jan 13, 2021
Updated: Oct 26, 2023
CVE: CVE-2021-21605
GHSA: GHSA-pxgq-gqr9-5gwx
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 8
AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

CVSS v2:

Severity: Medium
Score: 6
AV:N/AC:M/Au:S/C:P/I:P/A:P

CWEs:

OWASP TOP 10:

A5 - Broken Access Control

Affected Software
References

Software	From	Fixed in
jenkins / jenkins	-	2.274.x
jenkins / jenkins	-	2.263.1.x
org.jenkins-ci.main / jenkins-core	-	2.263.2
org.jenkins-ci.main / jenkins-core	2.264	2.275

https://www.jenkins.io/security/advisory/2021-01-13/#SECURITY-2021

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo