CVE-2021-21671

Published: Jun 30, 2021
Updated: Oct 26, 2023
CVE: <a href="https://nvd.nist.gov/vuln/detail/CVE-2021-21671" target="_blank" rel="noopener"> CVE-2021-21671
GHSA: <a href="https://github.com/advisories/GHSA-4wr9-2xc6-jmg5" target="_blank" rel="noopener"> GHSA-4wr9-2xc6-jmg5
Severity: High
Exploit:

Jenkins 2.299 and earlier, LTS 2.289.1 and earlier does not invalidate the previous session on login.

CVSS v3:

CVSS v2:

CWEs:

OWASP TOP 10:

Software	From	Fixed in
jenkins / jenkins	2.277.1	2.289.2
jenkins / jenkins	2.266	2.300
org.jenkins-ci.main / jenkins-core	2.292	2.300
org.jenkins-ci.main / jenkins-core	-	2.289.2