Vulnerabilities > CVE-2021-21639 - Unspecified vulnerability in Jenkins

047910
CVSS 4.3 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
LOW
Confidentiality impact
NONE
Integrity impact
LOW
Availability impact
NONE
network
low complexity
jenkins
NVD
Published: 2021-04-07
Updated: 2024-11-21

Summary

Jenkins 2.286 and earlier, LTS 2.277.1 and earlier does not validate the type of object created after loading the data submitted to the `config.xml` REST API endpoint of a node, allowing attackers with Computer/Configure permission to replace a node with one of a different type.

Vulnerable Configurations

Part Description Count
Application
Jenkins
1071

References