Home > Vulnerability Database > CVE-2021-21639

Mend.io Vulnerability Database

CVE-2021-21639

Good to know:

Date: April 7, 2021

Jenkins 2.286 and earlier, LTS 2.277.1 and earlier does not validate the type of object created after loading the data submitted to the "config.xml" REST API endpoint of a node, allowing attackers with Computer/Configure permission to replace a node with one of a different type.

Language: Java

Severity Score

4.3

Related Resources (6)

Url: https://www.jenkins.io/security/advisory/2021-04-07/#SECURITY-1721

Url: https://nvd.nist.gov/vuln/detail/CVE-2021-21639

Url: https://github.com/jenkinsci/jenkins/commit/84210baed0c866bdee3e59271f98a767a14a5509

Url: https://github.com/jenkinsci/jenkins

Url: http://www.openwall.com/lists/oss-security/2021/04/07/2

Url: https://www.mend.io/vulnerability-database/CVE-2021-21639

Severity Score

4.3

Weakness Type (CWE)

Improper Input Validation

CWE-20

Top Fix

Upgrade Version

Upgrade to version org.jenkins-ci.main:jenkins-core:2.277.2;org.jenkins-ci.main:jenkins-core:2.287

Learn More

CVSS v3.1

Base Score:	4.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	LOW
Availability (A):	NONE

CVSS v2

Base Score:	4.0
Access Vector (AV):	NETWORK
Access Complexity (AC):	LOW
Authentication (AU):	SINGLE
Confidentiality (C):	NONE
Integrity (I):	PARTIAL
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2021-21639

Good to know:

Date: April 7, 2021

Language: Java

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

CVSS v2

Do you need more information?