CVE-2021-21670 — Vulnetix

CVE-2021-21670 PUBLISHED

Jenkins LTS 2.289.1 and earlier allows users to cancel queue items and abort builds of jobs for which they have Item/Cancel permission even when they do not have Item/Read permission.

EPSS 1.17% · 79.1th percentile

Risk Scores

EPSS Score

1.17%

79.1th percentile

Affected Products

Vendor	Product	Versions
Bitnami	jenkins	0
Bitnami	jenkins	0

Exploit Intelligence

https://www.jenkins.io/security/advisory/2021-06-30/#SECURITY-2278 (circl)
[oss-security] 20210630 Multiple vulnerabilities in Jenkins and Jenkins plugins (circl)

Timeline

Jun 30, 2021 CVE Published
Jul 1, 2021 EPSS Score
Jul 2, 2021 EPSS Score
Oct 7, 2021 EPSS Score
Oct 29, 2021 EPSS Score
Jan 6, 2022 EPSS Score
Feb 4, 2022 EPSS Score
Apr 1, 2022 EPSS Score
Apr 28, 2022 EPSS Score
Aug 27, 2022 EPSS Score
Oct 26, 2022 EPSS Score
Feb 23, 2023 EPSS Score

References

http://www.openwall.com/lists/oss-security/2021/06/30/1 url
https://www.jenkins.io/security/advisory/2021-06-30/#SECURITY-2278 url
https://nvd.nist.gov/vuln/detail/CVE-2021-21670 url

Open in Interactive Console →