CVE-2021-21697

EUVD-2022-3632
Jenkins 2.318 and earlier, LTS 2.303.2 and earlier allows any agent to read and write the contents of any build directory stored in Jenkins with very few restrictions.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.1 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 73%
Affected Products (NVD)
VendorProductVersion
jenkinsjenkins
𝑥
≤ 2.303.2
jenkinsjenkins
𝑥
≤ 2.318
𝑥
= Vulnerable software versions
References
http://www.openwall.com/lists/oss-security/2021/11/04/3
https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2428
http://www.openwall.com/lists/oss-security/2021/11/04/3
https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2428