PT-2021-14720 · Jenkins · Jenkins Code Coverage Api Plugin +1

🗓️ 31 Aug 2021 00:00:00Reported by Positive TechnologiesType

Jenkins Code Coverage ≤1.4.0 is vulnerable to remote code execution via unsafe deserialization; upgrade to 1.4.1 or later.

Reporter	Title	Published	Views	Family All 12
Circl	CVE-2021-21677	31 Aug 202118:33	–	circl
Tenable Nessus	Jenkins Enterprise and Operations Center < 2.249.32.0.2 / 2.277.41.0.2 / 2.303.1.6 Multiple Vulnerabilities (CloudBees Security Advisory 2021-08-31)	6 Oct 202100:00	–	nessus
CNNVD	Jenkins 代码问题漏洞	31 Aug 202100:00	–	cnnvd
CVE	CVE-2021-21677	31 Aug 202113:50	–	cve
Cvelist	CVE-2021-21677	31 Aug 202113:50	–	cvelist
EUVD	EUVD-2022-2537	3 Oct 202520:07	–	euvd
Github Security Blog	RCE vulnerability in Jenkins Code Coverage API Plugin	24 May 202219:12	–	github
NVD	CVE-2021-21677	31 Aug 202114:15	–	nvd
OSV	GHSA-58PR-HPRX-7HG6 RCE vulnerability in Jenkins Code Coverage API Plugin	24 May 202219:12	–	osv
Prion	Remote code execution	31 Aug 202114:15	–	prion

Source	Link
jenkins	www.jenkins.io/security/advisory/2021-08-31/
osv	www.osv.dev/vulnerability/CVE-2021-21677
nvd	www.nvd.nist.gov/vuln/detail/CVE-2021-21677
osv	www.osv.dev/vulnerability/GHSA-58pr-hprx-7hg6
github	www.github.com/jenkinsci/code-coverage-api-plugin/commit/a5b3c18cff2a0b494c55fa73b05fc935b50530be
github	www.github.com/jenkinsci/code-coverage-api-plugin
t	www.t.me/cibsecurity/28088
openwall	www.openwall.com/lists/oss-security/2021/08/31/1

22 Nov 2023 00:00Current

9High risk

Vulners AI Score9

CVSS 3.18.8

CVSS 26.5

EPSS0.01198