Lucene search

[email protected]NVD:CVE-2021-21621

HistoryFeb 24, 2021 - 4:15 p.m.

CVE-2021-21621

2021-02-2416:15:15

CWE-200

[email protected]

web.nvd.nist.gov

jenkins

support core plugin

user authentication

session id

security vulnerability

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

EPSS

0.001

Percentile

35.9%

JSON

Jenkins Support Core Plugin 2.72 and earlier provides the serialized user authentication as part of the “About user (basic authentication details only)” information, which can include the session ID of the user creating the support bundle in some configurations.

Affected configurations

Nvd

Node

jenkinssupport_coreRange≤2.72jenkins

VendorProductVersionCPE
jenkinssupport_core*cpe:2.3:a:jenkins:support_core:*:*:*:*:*:jenkins:*:*

Vendor	Product	Version	CPE
jenkins	support_core	*	cpe:2.3:a:jenkins:support_core::::::jenkins::*

References

www.jenkins.io/security/advisory/2021-02-24/#SECURITY-2150

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

EPSS

0.001

Percentile

35.9%

JSON

Related for NVD:CVE-2021-21621

prion1 github1 osv2 cvelist1 cve1 nessus1