Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:apk/alpine/jenkins@2.287-r0?arch=aarch64&distroversion=v3.23&reponame=community

Type apk

Namespace alpine

Name jenkins

Version 2.287-r0

Qualifiers

arch	aarch64
distroversion	v3.23
reponame	community

Subpath

Is_vulnerable false

Next_non_vulnerable_version 2.319.2-r0

Latest_non_vulnerable_version 2.361.2-r0

Affected_by_vulnerabilities

Fixing_vulnerabilities

url VCID-9prj-5zwe-7kc5

vulnerability_id VCID-9prj-5zwe-7kc5

summary

Lack of type validation in agent related REST API in Jenkins
Jenkins 2.286 and earlier, LTS 2.277.1 and earlier does not validate the type of object created after loading the data submitted to the `config.xml` REST API endpoint of a node.

This allows attackers with Computer/Configure permission to replace a node with one of a different type.

Jenkins 2.287, LTS 2.277.2 validates the type of object created and rejects objects of unexpected types.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-21639.json

reference_id

reference_type

scores

value	3.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-21639.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-21639

reference_id

reference_type

scores

value	0.00942
scoring_system	epss
scoring_elements	0.76308
published_at	2026-04-21T12:55:00Z

value	0.00942
scoring_system	epss
scoring_elements	0.76218
published_at	2026-04-01T12:55:00Z

value	0.00942
scoring_system	epss
scoring_elements	0.76222
published_at	2026-04-02T12:55:00Z

value	0.00942
scoring_system	epss
scoring_elements	0.76253
published_at	2026-04-04T12:55:00Z

value	0.00942
scoring_system	epss
scoring_elements	0.76233
published_at	2026-04-07T12:55:00Z

value	0.00942
scoring_system	epss
scoring_elements	0.76266
published_at	2026-04-08T12:55:00Z

value	0.00942
scoring_system	epss
scoring_elements	0.76279
published_at	2026-04-13T12:55:00Z

value	0.00942
scoring_system	epss
scoring_elements	0.76306
published_at	2026-04-11T12:55:00Z

value	0.00942
scoring_system	epss
scoring_elements	0.76283
published_at	2026-04-12T12:55:00Z

value	0.00942
scoring_system	epss
scoring_elements	0.7632
published_at	2026-04-16T12:55:00Z

value	0.00942
scoring_system	epss
scoring_elements	0.76324
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-21639

reference_url

https://github.com/jenkinsci/jenkins

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/jenkinsci/jenkins

reference_url

https://github.com/jenkinsci/jenkins/commit/84210baed0c866bdee3e59271f98a767a14a5509

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/jenkinsci/jenkins/commit/84210baed0c866bdee3e59271f98a767a14a5509

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-21639

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-21639

reference_url

https://www.jenkins.io/security/advisory/2021-04-07/#SECURITY-1721

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.jenkins.io/security/advisory/2021-04-07/#SECURITY-1721

reference_url

http://www.openwall.com/lists/oss-security/2021/04/07/2

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2021/04/07/2

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1947102
reference_id	1947102
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1947102

reference_url

https://security.archlinux.org/AVG-1781

reference_id

AVG-1781

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-1781

reference_url

https://github.com/advisories/GHSA-pvwx-3jx5-24r2

reference_id

GHSA-pvwx-3jx5-24r2

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-pvwx-3jx5-24r2

reference_url	https://access.redhat.com/errata/RHSA-2021:1551
reference_id	RHSA-2021:1551
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:1551

reference_url	https://access.redhat.com/errata/RHSA-2021:2437
reference_id	RHSA-2021:2437
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:2437

fixed_packages

url	pkg:apk/alpine/jenkins@2.287-r0?arch=aarch64&distroversion=v3.23&reponame=community
purl	pkg:apk/alpine/jenkins@2.287-r0?arch=aarch64&distroversion=v3.23&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/jenkins@2.287-r0%3Farch=aarch64&distroversion=v3.23&reponame=community

aliases CVE-2021-21639, GHSA-pvwx-3jx5-24r2

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9prj-5zwe-7kc5

url VCID-dkr2-9c7r-q3g9

vulnerability_id VCID-dkr2-9c7r-q3g9

summary

View name validation bypass in Jenkins
Jenkins 2.286 and earlier, LTS 2.277.1 and earlier does not properly check that a newly created view has an allowed name. When a form to create a view is submitted, the name is included twice in the submission. One instance is validated, but the other instance is used to create the value.

This allows attackers with View/Create permission to create views with invalid or already-used names.

Jenkins 2.287, LTS 2.277.2 uses the same submitted value for validation and view creation.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-21640.json

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-21640.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-21640

reference_id

reference_type

scores

value	0.00703
scoring_system	epss
scoring_elements	0.72087
published_at	2026-04-21T12:55:00Z

value	0.00703
scoring_system	epss
scoring_elements	0.72007
published_at	2026-04-01T12:55:00Z

value	0.00703
scoring_system	epss
scoring_elements	0.72014
published_at	2026-04-02T12:55:00Z

value	0.00703
scoring_system	epss
scoring_elements	0.72034
published_at	2026-04-04T12:55:00Z

value	0.00703
scoring_system	epss
scoring_elements	0.72011
published_at	2026-04-07T12:55:00Z

value	0.00703
scoring_system	epss
scoring_elements	0.7205
published_at	2026-04-08T12:55:00Z

value	0.00703
scoring_system	epss
scoring_elements	0.72062
published_at	2026-04-09T12:55:00Z

value	0.00703
scoring_system	epss
scoring_elements	0.72085
published_at	2026-04-11T12:55:00Z

value	0.00703
scoring_system	epss
scoring_elements	0.72068
published_at	2026-04-12T12:55:00Z

value	0.00703
scoring_system	epss
scoring_elements	0.72053
published_at	2026-04-13T12:55:00Z

value	0.00703
scoring_system	epss
scoring_elements	0.72094
published_at	2026-04-16T12:55:00Z

value	0.00703
scoring_system	epss
scoring_elements	0.72102
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-21640

reference_url

https://github.com/jenkinsci/jenkins

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/jenkinsci/jenkins

reference_url

https://github.com/jenkinsci/jenkins/commit/42e2c74049ddf5e0aca1fe6aadc7b24fdabb5494

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/jenkinsci/jenkins/commit/42e2c74049ddf5e0aca1fe6aadc7b24fdabb5494

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-21640

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-21640

reference_url

https://www.jenkins.io/security/advisory/2021-04-07/#SECURITY-1871

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.jenkins.io/security/advisory/2021-04-07/#SECURITY-1871

reference_url

http://www.openwall.com/lists/oss-security/2021/04/07/2

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2021/04/07/2

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1947105
reference_id	1947105
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1947105

reference_url

https://security.archlinux.org/AVG-1781

reference_id

AVG-1781

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-1781

reference_url

https://github.com/advisories/GHSA-w2hv-rcqr-2h7r

reference_id

GHSA-w2hv-rcqr-2h7r

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-w2hv-rcqr-2h7r

reference_url	https://access.redhat.com/errata/RHSA-2021:1551
reference_id	RHSA-2021:1551
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:1551

reference_url	https://access.redhat.com/errata/RHSA-2021:2437
reference_id	RHSA-2021:2437
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:2437

fixed_packages

url	pkg:apk/alpine/jenkins@2.287-r0?arch=aarch64&distroversion=v3.23&reponame=community
purl	pkg:apk/alpine/jenkins@2.287-r0?arch=aarch64&distroversion=v3.23&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/jenkins@2.287-r0%3Farch=aarch64&distroversion=v3.23&reponame=community

aliases CVE-2021-21640, GHSA-w2hv-rcqr-2h7r

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dkr2-9c7r-q3g9

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/jenkins@2.287-r0%3Farch=aarch64&distroversion=v3.23&reponame=community

Package Instance