10 matches found
ColumnPack:ColumnPack-plugin (=1.0.3), CustomHistory:CustomHistory (>=1.1 <=1.3) +1594 more potentially affected by CVE-2021-21671 via org.jenkins-ci.main:jenkins-core (>=1.396 <=2.28)
org.jenkins-ci.main:jenkins-core MAVEN version =1.396, =1.1, =0.0.1, =1.0, =1.0, =0.0.1, =0.1.0, =1.0, =0.9, =1.3, =1.0.5.0, =1.0.6.1 and more Source cves: CVE-2021-21671 Source advisory: OSV:GHSA-4WR9-2XC6-JMG5...
Moderate: Red Hat Security Advisory: OpenShift Container Platform 4.8.15 packages and security update
Red Hat OpenShift Container Platform release 4.8.15 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.8. Red Hat Product Security has rated this update as having a...
CVE-2021-21671
Session fixation vulnerability was found in Jenkins. The existing session on login process are not invalidated and this allows an attacker to gain potentially additional access on Jenkins by using social engineering attack techniques on a target user...
Jenkins < 2.289.2, < 2.300 Multiple Vulnerabilities - Windows
Jenkins is prone to multiple vulnerabilities. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Jenkins < 2.289.2, < 2.300 Multiple Vulnerabilities - Linux
Jenkins is prone to multiple vulnerabilities. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
[ASA-202107-5] jenkins: multiple issues
Arch Linux Security Advisory ASA-202107-5 ========================================= Severity: High Date : 2021-07-01 CVE-ID : CVE-2021-21670 CVE-2021-21671 Package : jenkins Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-2118 Summary ======= The package jenkins befo...
CVE-2021-21671
Jenkins 2.299 and earlier, LTS 2.289.1 and earlier does not invalidate the previous session on login...
CVE-2021-21671
Jenkins 2.299 and earlier, LTS 2.289.1 and earlier does not invalidate the previous session on login...
CVE-2021-21671
CVE-2021-21671 affects Jenkins 2.299 and earlier (including LTS 2.289.1 and earlier), where the system does not invalidate the previous session on login, enabling session fixation. Exploitation could allow a remote attacker with social engineering to gain administrator access. Remediation: upgrad...
CVE-2021-21671
Jenkins 2.299 and earlier, LTS 2.289.1 and earlier does not invalidate the previous session on login...