Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:alpm/archlinux/jenkins@2.287-1
purl pkg:alpm/archlinux/jenkins@2.287-1
Vulnerabilities affecting this package (0)
Vulnerability Summary Fixed by
This package is not known to be affected by vulnerabilities.
Vulnerabilities fixed by this package (2)
Vulnerability Summary Aliases
VCID-9prj-5zwe-7kc5 Lack of type validation in agent related REST API in Jenkins Jenkins 2.286 and earlier, LTS 2.277.1 and earlier does not validate the type of object created after loading the data submitted to the `config.xml` REST API endpoint of a node. This allows attackers with Computer/Configure permission to replace a node with one of a different type. Jenkins 2.287, LTS 2.277.2 validates the type of object created and rejects objects of unexpected types. CVE-2021-21639
GHSA-pvwx-3jx5-24r2
VCID-dkr2-9c7r-q3g9 View name validation bypass in Jenkins Jenkins 2.286 and earlier, LTS 2.277.1 and earlier does not properly check that a newly created view has an allowed name. When a form to create a view is submitted, the name is included twice in the submission. One instance is validated, but the other instance is used to create the value. This allows attackers with View/Create permission to create views with invalid or already-used names. Jenkins 2.287, LTS 2.277.2 uses the same submitted value for validation and view creation. CVE-2021-21640
GHSA-w2hv-rcqr-2h7r

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-01T18:26:48.197215+00:00 Arch Linux Importer Fixing VCID-9prj-5zwe-7kc5 https://security.archlinux.org/AVG-1781 38.0.0
2026-04-01T18:26:48.174490+00:00 Arch Linux Importer Fixing VCID-dkr2-9c7r-q3g9 https://security.archlinux.org/AVG-1781 38.0.0