CVE-2021-21697

Jenkins 2.318 and earlier, LTS 2.303.2 and earlier allows any agent to read and write the contents of any build directory stored in Jenkins with very few restrictions.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.1 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
jenkinsCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 65%
VendorProductVersion
jenkinsjenkins
𝑥
≤ 2.303.2
jenkinsjenkins
𝑥
≤ 2.318
𝑥
= Vulnerable software versions
References
http://www.openwall.com/lists/oss-security/2021/11/04/3
https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2428
http://www.openwall.com/lists/oss-security/2021/11/04/3
https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2428