Search for packages
| purl | pkg:maven/org.jenkins-ci.main/jenkins-core@2.278 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-9prj-5zwe-7kc5
Aliases: CVE-2021-21639 GHSA-pvwx-3jx5-24r2 |
Lack of type validation in agent related REST API in Jenkins Jenkins 2.286 and earlier, LTS 2.277.1 and earlier does not validate the type of object created after loading the data submitted to the `config.xml` REST API endpoint of a node. This allows attackers with Computer/Configure permission to replace a node with one of a different type. Jenkins 2.287, LTS 2.277.2 validates the type of object created and rejects objects of unexpected types. |
Affected by 0 other vulnerabilities. |
|
VCID-dkr2-9c7r-q3g9
Aliases: CVE-2021-21640 GHSA-w2hv-rcqr-2h7r |
View name validation bypass in Jenkins Jenkins 2.286 and earlier, LTS 2.277.1 and earlier does not properly check that a newly created view has an allowed name. When a form to create a view is submitted, the name is included twice in the submission. One instance is validated, but the other instance is used to create the value. This allows attackers with View/Create permission to create views with invalid or already-used names. Jenkins 2.287, LTS 2.277.2 uses the same submitted value for validation and view creation. |
Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-01T16:02:06.350458+00:00 | GHSA Importer | Affected by | VCID-dkr2-9c7r-q3g9 | https://github.com/advisories/GHSA-w2hv-rcqr-2h7r | 38.0.0 |
| 2026-04-01T16:02:06.316406+00:00 | GHSA Importer | Affected by | VCID-9prj-5zwe-7kc5 | https://github.com/advisories/GHSA-pvwx-3jx5-24r2 | 38.0.0 |