Lookup for vulnerable packages by Package URL.

Purl pkg:alpm/archlinux/jenkins@2.276-1
Type alpm
Namespace archlinux
Name jenkins
Version 2.276-1
Qualifiers
Subpath
Is_vulnerable false
Next_non_vulnerable_version 2.280-1
Latest_non_vulnerable_version 2.319-1
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-evt5-t9pq-n7a7
vulnerability_id VCID-evt5-t9pq-n7a7
summary
Time-of-check Time-of-use (TOCTOU) Race Condition in Jenkins
Due to a time-of-check to time-of-use (TOCTOU) race condition, the file browser for workspaces, archived artifacts, and `$JENKINS_HOME/userContent/` follows symbolic links to locations outside the directory being browsed in Jenkins 2.275 and LTS 2.263.2.

This allows attackers with Job/Workspace permission and the ability to control workspace contents, e.g., with Job/Configure permission or the ability to change SCM contents, to create symbolic links that allow them to access files outside workspaces using the workspace browser.

This issue is caused by an incorrectly applied fix for SECURITY-1452 / CVE-2021-21602 in the [2021-01-13 security advisory](https://www.jenkins.io/security/advisory/2021-01-13/#SECURITY-1452).

Jenkins 2.276, LTS 2.263.3 no longer differentiates the check and the use of symlinks in workspace browsers.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-21615.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-21615.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-21615
reference_id
reference_type
scores
0
value 0.00436
scoring_system epss
scoring_elements 0.63048
published_at 2026-04-18T12:55:00Z
1
value 0.00436
scoring_system epss
scoring_elements 0.6299
published_at 2026-04-04T12:55:00Z
2
value 0.00436
scoring_system epss
scoring_elements 0.62954
published_at 2026-04-07T12:55:00Z
3
value 0.00436
scoring_system epss
scoring_elements 0.63006
published_at 2026-04-08T12:55:00Z
4
value 0.00436
scoring_system epss
scoring_elements 0.63022
published_at 2026-04-09T12:55:00Z
5
value 0.00436
scoring_system epss
scoring_elements 0.63039
published_at 2026-04-11T12:55:00Z
6
value 0.00436
scoring_system epss
scoring_elements 0.63025
published_at 2026-04-12T12:55:00Z
7
value 0.00436
scoring_system epss
scoring_elements 0.63003
published_at 2026-04-13T12:55:00Z
8
value 0.00436
scoring_system epss
scoring_elements 0.6304
published_at 2026-04-16T12:55:00Z
9
value 0.00436
scoring_system epss
scoring_elements 0.62902
published_at 2026-04-01T12:55:00Z
10
value 0.00436
scoring_system epss
scoring_elements 0.62961
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-21615
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-21615
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-21615
3
reference_url https://www.jenkins.io/security/advisory/2021-01-26/#SECURITY-2197
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.jenkins.io/security/advisory/2021-01-26/#SECURITY-2197
4
reference_url http://www.openwall.com/lists/oss-security/2021/01/26/2
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2021/01/26/2
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1921322
reference_id 1921322
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1921322
6
reference_url https://security.archlinux.org/AVG-1491
reference_id AVG-1491
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1491
7
reference_url https://github.com/advisories/GHSA-qxp6-27gw-99cj
reference_id GHSA-qxp6-27gw-99cj
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-qxp6-27gw-99cj
8
reference_url https://access.redhat.com/errata/RHSA-2021:0423
reference_id RHSA-2021:0423
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:0423
9
reference_url https://access.redhat.com/errata/RHSA-2021:0429
reference_id RHSA-2021:0429
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:0429
fixed_packages
0
url pkg:alpm/archlinux/jenkins@2.276-1
purl pkg:alpm/archlinux/jenkins@2.276-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/jenkins@2.276-1
aliases CVE-2021-21615, GHSA-qxp6-27gw-99cj
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-evt5-t9pq-n7a7
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/jenkins@2.276-1