Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:rpm/redhat/jenkins@2.289.1.1624020353-1?arch=el8

Type rpm

Namespace redhat

Name jenkins

Version 2.289.1.1624020353-1

Qualifiers

arch	el8

Subpath

Is_vulnerable true

Next_non_vulnerable_version null

Latest_non_vulnerable_version null

Affected_by_vulnerabilities

url

VCID-4xxt-zn4e-fqg7

vulnerability_id

VCID-4xxt-zn4e-fqg7

summary

Incorrect permission checks in Jenkins Matrix Authorization Strategy Plugin may allow accessing some items
Items (like jobs) can be organized hierarchically in Jenkins, using the Folders Plugin or something similar. An item is expected to be accessible only if all its ancestors are accessible as well.

Matrix Authorization Strategy Plugin 2.6.5 and earlier does not correctly perform permission checks to determine whether an item should be accessible.

This allows attackers with Item/Read permission on nested items to access them, even if they lack Item/Read permission for parent folders.\n\nMatrix Authorization Strategy Plugin 2.6.6 requires Item/Read permission on parent items to grant Item/Read permission on an individual item.

As a workaround in older releases, do not grant permissions on individual items to users who do not have access to parent items.

In case of problems, the [Java system property](https://www.jenkins.io/doc/book/managing/system-properties/) `hudson.security.AuthorizationMatrixProperty.checkParentPermissions` can be set to false, completely disabling this fix.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-21623.json

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-21623.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-21623

reference_id

reference_type

scores

value	0.001
scoring_system	epss
scoring_elements	0.2756
published_at	2026-04-21T12:55:00Z

value	0.001
scoring_system	epss
scoring_elements	0.27735
published_at	2026-04-01T12:55:00Z

value	0.001
scoring_system	epss
scoring_elements	0.27773
published_at	2026-04-02T12:55:00Z

value	0.001
scoring_system	epss
scoring_elements	0.27811
published_at	2026-04-04T12:55:00Z

value	0.001
scoring_system	epss
scoring_elements	0.27603
published_at	2026-04-07T12:55:00Z

value	0.001
scoring_system	epss
scoring_elements	0.2767
published_at	2026-04-08T12:55:00Z

value	0.001
scoring_system	epss
scoring_elements	0.27713
published_at	2026-04-09T12:55:00Z

value	0.001
scoring_system	epss
scoring_elements	0.27717
published_at	2026-04-11T12:55:00Z

value	0.001
scoring_system	epss
scoring_elements	0.27674
published_at	2026-04-12T12:55:00Z

value	0.001
scoring_system	epss
scoring_elements	0.27615
published_at	2026-04-13T12:55:00Z

value	0.001
scoring_system	epss
scoring_elements	0.27625
published_at	2026-04-16T12:55:00Z

value	0.001
scoring_system	epss
scoring_elements	0.27599
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-21623

reference_url

https://github.com/jenkinsci/matrix-auth-plugin

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/jenkinsci/matrix-auth-plugin

reference_url

https://github.com/jenkinsci/matrix-auth-plugin/commit/bbe358575155912b818ab3c6e8b9623f21ad3418

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/jenkinsci/matrix-auth-plugin/commit/bbe358575155912b818ab3c6e8b9623f21ad3418

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-21623

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-21623

reference_url

https://www.jenkins.io/security/advisory/2021-03-18/#SECURITY-2180

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.jenkins.io/security/advisory/2021-03-18/#SECURITY-2180

reference_url

http://www.openwall.com/lists/oss-security/2021/03/18/5

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2021/03/18/5

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1940489
reference_id	1940489
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1940489

reference_url

https://github.com/advisories/GHSA-96jw-3xw4-mq9p

reference_id

GHSA-96jw-3xw4-mq9p

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-96jw-3xw4-mq9p

reference_url	https://access.redhat.com/errata/RHSA-2021:2437
reference_id	RHSA-2021:2437
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:2437

fixed_packages

aliases

CVE-2021-21623, GHSA-96jw-3xw4-mq9p

risk_score

3.1

exploitability

0.5

weighted_severity

6.2

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-4xxt-zn4e-fqg7

url

VCID-9prj-5zwe-7kc5

vulnerability_id

VCID-9prj-5zwe-7kc5

summary

Lack of type validation in agent related REST API in Jenkins
Jenkins 2.286 and earlier, LTS 2.277.1 and earlier does not validate the type of object created after loading the data submitted to the `config.xml` REST API endpoint of a node.

This allows attackers with Computer/Configure permission to replace a node with one of a different type.

Jenkins 2.287, LTS 2.277.2 validates the type of object created and rejects objects of unexpected types.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-21639.json

reference_id

reference_type

scores

value	3.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-21639.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-21639

reference_id

reference_type

scores

value	0.00942
scoring_system	epss
scoring_elements	0.76308
published_at	2026-04-21T12:55:00Z

value	0.00942
scoring_system	epss
scoring_elements	0.76218
published_at	2026-04-01T12:55:00Z

value	0.00942
scoring_system	epss
scoring_elements	0.76222
published_at	2026-04-02T12:55:00Z

value	0.00942
scoring_system	epss
scoring_elements	0.76253
published_at	2026-04-04T12:55:00Z

value	0.00942
scoring_system	epss
scoring_elements	0.76233
published_at	2026-04-07T12:55:00Z

value	0.00942
scoring_system	epss
scoring_elements	0.76266
published_at	2026-04-08T12:55:00Z

value	0.00942
scoring_system	epss
scoring_elements	0.76279
published_at	2026-04-13T12:55:00Z

value	0.00942
scoring_system	epss
scoring_elements	0.76306
published_at	2026-04-11T12:55:00Z

value	0.00942
scoring_system	epss
scoring_elements	0.76283
published_at	2026-04-12T12:55:00Z

value	0.00942
scoring_system	epss
scoring_elements	0.7632
published_at	2026-04-16T12:55:00Z

value	0.00942
scoring_system	epss
scoring_elements	0.76324
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-21639

reference_url

https://github.com/jenkinsci/jenkins

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/jenkinsci/jenkins

reference_url

https://github.com/jenkinsci/jenkins/commit/84210baed0c866bdee3e59271f98a767a14a5509

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/jenkinsci/jenkins/commit/84210baed0c866bdee3e59271f98a767a14a5509

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-21639

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-21639

reference_url

https://www.jenkins.io/security/advisory/2021-04-07/#SECURITY-1721

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.jenkins.io/security/advisory/2021-04-07/#SECURITY-1721

reference_url

http://www.openwall.com/lists/oss-security/2021/04/07/2

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2021/04/07/2

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1947102
reference_id	1947102
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1947102

reference_url

https://security.archlinux.org/AVG-1781

reference_id

AVG-1781

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-1781

reference_url

https://github.com/advisories/GHSA-pvwx-3jx5-24r2

reference_id

GHSA-pvwx-3jx5-24r2

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-pvwx-3jx5-24r2

reference_url	https://access.redhat.com/errata/RHSA-2021:1551
reference_id	RHSA-2021:1551
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:1551

reference_url	https://access.redhat.com/errata/RHSA-2021:2437
reference_id	RHSA-2021:2437
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:2437

fixed_packages

aliases

CVE-2021-21639, GHSA-pvwx-3jx5-24r2

risk_score

3.1

exploitability

0.5

weighted_severity

6.2

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-9prj-5zwe-7kc5

url

VCID-dkr2-9c7r-q3g9

vulnerability_id

VCID-dkr2-9c7r-q3g9

summary

View name validation bypass in Jenkins
Jenkins 2.286 and earlier, LTS 2.277.1 and earlier does not properly check that a newly created view has an allowed name. When a form to create a view is submitted, the name is included twice in the submission. One instance is validated, but the other instance is used to create the value.

This allows attackers with View/Create permission to create views with invalid or already-used names.

Jenkins 2.287, LTS 2.277.2 uses the same submitted value for validation and view creation.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-21640.json

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-21640.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-21640

reference_id

reference_type

scores

value	0.00703
scoring_system	epss
scoring_elements	0.72087
published_at	2026-04-21T12:55:00Z

value	0.00703
scoring_system	epss
scoring_elements	0.72007
published_at	2026-04-01T12:55:00Z

value	0.00703
scoring_system	epss
scoring_elements	0.72014
published_at	2026-04-02T12:55:00Z

value	0.00703
scoring_system	epss
scoring_elements	0.72034
published_at	2026-04-04T12:55:00Z

value	0.00703
scoring_system	epss
scoring_elements	0.72011
published_at	2026-04-07T12:55:00Z

value	0.00703
scoring_system	epss
scoring_elements	0.7205
published_at	2026-04-08T12:55:00Z

value	0.00703
scoring_system	epss
scoring_elements	0.72062
published_at	2026-04-09T12:55:00Z

value	0.00703
scoring_system	epss
scoring_elements	0.72085
published_at	2026-04-11T12:55:00Z

value	0.00703
scoring_system	epss
scoring_elements	0.72068
published_at	2026-04-12T12:55:00Z

value	0.00703
scoring_system	epss
scoring_elements	0.72053
published_at	2026-04-13T12:55:00Z

value	0.00703
scoring_system	epss
scoring_elements	0.72094
published_at	2026-04-16T12:55:00Z

value	0.00703
scoring_system	epss
scoring_elements	0.72102
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-21640

reference_url

https://github.com/jenkinsci/jenkins

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/jenkinsci/jenkins

reference_url

https://github.com/jenkinsci/jenkins/commit/42e2c74049ddf5e0aca1fe6aadc7b24fdabb5494

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/jenkinsci/jenkins/commit/42e2c74049ddf5e0aca1fe6aadc7b24fdabb5494

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-21640

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-21640

reference_url

https://www.jenkins.io/security/advisory/2021-04-07/#SECURITY-1871

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.jenkins.io/security/advisory/2021-04-07/#SECURITY-1871

reference_url

http://www.openwall.com/lists/oss-security/2021/04/07/2

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2021/04/07/2

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1947105
reference_id	1947105
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1947105

reference_url

https://security.archlinux.org/AVG-1781

reference_id

AVG-1781

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-1781

reference_url

https://github.com/advisories/GHSA-w2hv-rcqr-2h7r

reference_id

GHSA-w2hv-rcqr-2h7r

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-w2hv-rcqr-2h7r

reference_url	https://access.redhat.com/errata/RHSA-2021:1551
reference_id	RHSA-2021:1551
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:1551

reference_url	https://access.redhat.com/errata/RHSA-2021:2437
reference_id	RHSA-2021:2437
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:2437

fixed_packages

aliases

CVE-2021-21640, GHSA-w2hv-rcqr-2h7r

risk_score

3.1

exploitability

0.5

weighted_severity

6.2

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-dkr2-9c7r-q3g9

Fixing_vulnerabilities

Risk_score 3.1

Resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/jenkins@2.289.1.1624020353-1%3Farch=el8

Package Instance