Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:maven/org.jenkins-ci.main/jenkins-core@2.319

Type maven

Namespace org.jenkins-ci.main

Name jenkins-core

Version 2.319

Qualifiers

Subpath

Is_vulnerable false

Next_non_vulnerable_version 2.319.2

Latest_non_vulnerable_version 2.555

Affected_by_vulnerabilities

Fixing_vulnerabilities

url VCID-1kf2-8j67-7kg3

vulnerability_id VCID-1kf2-8j67-7kg3

summary

Improper Link Resolution Before File Access ('Link Following')
File path filters in the agent-to-controller security subsystem of Jenkins do not canonicalize paths, allowing operations to follow symbolic links to outside allowed directories.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-21686.json

reference_id

reference_type

scores

value	9.0
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-21686.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-21686

reference_id

reference_type

scores

value	0.00506
scoring_system	epss
scoring_elements	0.66322
published_at	2026-05-07T12:55:00Z

value	0.00506
scoring_system	epss
scoring_elements	0.663
published_at	2026-04-29T12:55:00Z

value	0.00506
scoring_system	epss
scoring_elements	0.66285
published_at	2026-04-24T12:55:00Z

value	0.00506
scoring_system	epss
scoring_elements	0.66262
published_at	2026-04-21T12:55:00Z

value	0.00506
scoring_system	epss
scoring_elements	0.66278
published_at	2026-05-05T12:55:00Z

value	0.00506
scoring_system	epss
scoring_elements	0.66263
published_at	2026-04-16T12:55:00Z

value	0.00506
scoring_system	epss
scoring_elements	0.66228
published_at	2026-04-13T12:55:00Z

value	0.00506
scoring_system	epss
scoring_elements	0.66259
published_at	2026-04-12T12:55:00Z

value	0.00506
scoring_system	epss
scoring_elements	0.66272
published_at	2026-04-11T12:55:00Z

value	0.00506
scoring_system	epss
scoring_elements	0.66252
published_at	2026-04-09T12:55:00Z

value	0.00506
scoring_system	epss
scoring_elements	0.66221
published_at	2026-04-04T12:55:00Z

value	0.00506
scoring_system	epss
scoring_elements	0.66194
published_at	2026-04-02T12:55:00Z

value	0.00506
scoring_system	epss
scoring_elements	0.66191
published_at	2026-04-07T12:55:00Z

value	0.00506
scoring_system	epss
scoring_elements	0.66153
published_at	2026-04-01T12:55:00Z

value	0.00506
scoring_system	epss
scoring_elements	0.66239
published_at	2026-04-08T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-21686

reference_url

https://github.com/jenkinsci/jenkins

reference_id

reference_type

scores

value	9.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/jenkinsci/jenkins

reference_url

https://github.com/jenkinsci/jenkins/commit/104c751d907919dd53f5090f84d53c671a66457b

reference_id

reference_type

scores

value	9.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/jenkinsci/jenkins/commit/104c751d907919dd53f5090f84d53c671a66457b

reference_url

https://github.com/jenkinsci/jenkins/commit/5a245e42979abe4a26d41727c839521e36cedd74

reference_id

reference_type

scores

value	9.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/jenkinsci/jenkins/commit/5a245e42979abe4a26d41727c839521e36cedd74

reference_url

https://github.com/jenkinsci/jenkins/commit/63cde2daadc705edf086f2213b48c8c547f98358

reference_id

reference_type

scores

value	9.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/jenkinsci/jenkins/commit/63cde2daadc705edf086f2213b48c8c547f98358

reference_url

https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455

reference_id

reference_type

scores

value	9.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2020323
reference_id	2020323
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2020323

reference_url	https://security.archlinux.org/ASA-202111-1
reference_id	ASA-202111-1
reference_type
scores
url	https://security.archlinux.org/ASA-202111-1

reference_url

https://security.archlinux.org/AVG-2526

reference_id

AVG-2526

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-2526

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-21686

reference_id

CVE-2021-21686

reference_type

scores

value	9.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-21686

reference_url

https://github.com/advisories/GHSA-4g38-hrm4-rg94

reference_id

GHSA-4g38-hrm4-rg94

reference_type

scores

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-4g38-hrm4-rg94

reference_url	https://access.redhat.com/errata/RHSA-2021:4799
reference_id	RHSA-2021:4799
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:4799

reference_url	https://access.redhat.com/errata/RHSA-2021:4801
reference_id	RHSA-2021:4801
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:4801

reference_url	https://access.redhat.com/errata/RHSA-2021:4827
reference_id	RHSA-2021:4827
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:4827

reference_url	https://access.redhat.com/errata/RHSA-2021:4829
reference_id	RHSA-2021:4829
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:4829

reference_url	https://access.redhat.com/errata/RHSA-2021:4833
reference_id	RHSA-2021:4833
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:4833

fixed_packages

url pkg:maven/org.jenkins-ci.main/jenkins-core@2.303.3

purl pkg:maven/org.jenkins-ci.main/jenkins-core@2.303.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1kf2-8j67-7kg3

vulnerability	VCID-7w87-bm8n-bbbr

vulnerability	VCID-b4zg-38x9-23dn

vulnerability	VCID-fvza-3rhj-8kbp

vulnerability	VCID-h3nf-gwsr-5qf3

vulnerability	VCID-kf3a-yce1-auh4

vulnerability	VCID-nq1x-s9hz-a7fb

vulnerability	VCID-r3ry-745m-zuh1

vulnerability	VCID-r3v1-qkky-dqcq

vulnerability	VCID-remx-jas5-1bfm

vulnerability	VCID-wuvf-kdtu-tkc2

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.303.3

url	pkg:maven/org.jenkins-ci.main/jenkins-core@2.319
purl	pkg:maven/org.jenkins-ci.main/jenkins-core@2.319
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.319

aliases CVE-2021-21686, GHSA-4g38-hrm4-rg94

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1kf2-8j67-7kg3

url VCID-53km-desw-w7d6

vulnerability_id VCID-53km-desw-w7d6

summary

Protection Mechanism Failure
Jenkins does not limit agent read/write access to the libs/ directory inside build directories when using the FilePath APIs, allowing attackers in control of agent processes to replace the code of a trusted library with a modified variant. This results in unsandboxed code execution in the Jenkins controller process.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-21696.json

reference_id

reference_type

scores

value	9.0
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-21696.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-21696

reference_id

reference_type

scores

value	0.00954
scoring_system	epss
scoring_elements	0.76516
published_at	2026-05-07T12:55:00Z

value	0.00954
scoring_system	epss
scoring_elements	0.76403
published_at	2026-04-08T12:55:00Z

value	0.00954
scoring_system	epss
scoring_elements	0.76418
published_at	2026-04-09T12:55:00Z

value	0.00954
scoring_system	epss
scoring_elements	0.76443
published_at	2026-04-11T12:55:00Z

value	0.00954
scoring_system	epss
scoring_elements	0.76421
published_at	2026-04-12T12:55:00Z

value	0.00954
scoring_system	epss
scoring_elements	0.76416
published_at	2026-04-13T12:55:00Z

value	0.00954
scoring_system	epss
scoring_elements	0.76457
published_at	2026-04-16T12:55:00Z

value	0.00954
scoring_system	epss
scoring_elements	0.76461
published_at	2026-04-18T12:55:00Z

value	0.00954
scoring_system	epss
scoring_elements	0.76447
published_at	2026-04-21T12:55:00Z

value	0.00954
scoring_system	epss
scoring_elements	0.76481
published_at	2026-04-24T12:55:00Z

value	0.00954
scoring_system	epss
scoring_elements	0.76488
published_at	2026-04-26T12:55:00Z

value	0.00954
scoring_system	epss
scoring_elements	0.765
published_at	2026-04-29T12:55:00Z

value	0.00954
scoring_system	epss
scoring_elements	0.76487
published_at	2026-05-05T12:55:00Z

value	0.00954
scoring_system	epss
scoring_elements	0.76356
published_at	2026-04-01T12:55:00Z

value	0.00954
scoring_system	epss
scoring_elements	0.76359
published_at	2026-04-02T12:55:00Z

value	0.00954
scoring_system	epss
scoring_elements	0.76389
published_at	2026-04-04T12:55:00Z

value	0.00954
scoring_system	epss
scoring_elements	0.76371
published_at	2026-04-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-21696

reference_url

https://github.com/jenkinsci/jenkins

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/jenkinsci/jenkins

reference_url

https://github.com/jenkinsci/jenkins/commit/93451e20c20cfd84badeb0f37c38d4c0c7a5dad3

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/jenkinsci/jenkins/commit/93451e20c20cfd84badeb0f37c38d4c0c7a5dad3

reference_url

https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2423

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2423

reference_url

http://www.openwall.com/lists/oss-security/2021/11/04/3

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2021/11/04/3

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2020344
reference_id	2020344
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2020344

reference_url	https://security.archlinux.org/ASA-202111-1
reference_id	ASA-202111-1
reference_type
scores
url	https://security.archlinux.org/ASA-202111-1

reference_url

https://security.archlinux.org/AVG-2526

reference_id

AVG-2526

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-2526

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-21696

reference_id

CVE-2021-21696

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-21696

reference_url

https://github.com/advisories/GHSA-c5r9-rx53-q3gf

reference_id

GHSA-c5r9-rx53-q3gf

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-c5r9-rx53-q3gf

reference_url	https://access.redhat.com/errata/RHSA-2021:4799
reference_id	RHSA-2021:4799
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:4799

reference_url	https://access.redhat.com/errata/RHSA-2021:4801
reference_id	RHSA-2021:4801
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:4801

reference_url	https://access.redhat.com/errata/RHSA-2021:4827
reference_id	RHSA-2021:4827
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:4827

reference_url	https://access.redhat.com/errata/RHSA-2021:4829
reference_id	RHSA-2021:4829
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:4829

reference_url	https://access.redhat.com/errata/RHSA-2021:4833
reference_id	RHSA-2021:4833
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:4833

fixed_packages

url pkg:maven/org.jenkins-ci.main/jenkins-core@2.303.3

purl pkg:maven/org.jenkins-ci.main/jenkins-core@2.303.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1kf2-8j67-7kg3

vulnerability	VCID-7w87-bm8n-bbbr

vulnerability	VCID-b4zg-38x9-23dn

vulnerability	VCID-fvza-3rhj-8kbp

vulnerability	VCID-h3nf-gwsr-5qf3

vulnerability	VCID-kf3a-yce1-auh4

vulnerability	VCID-nq1x-s9hz-a7fb

vulnerability	VCID-r3ry-745m-zuh1

vulnerability	VCID-r3v1-qkky-dqcq

vulnerability	VCID-remx-jas5-1bfm

vulnerability	VCID-wuvf-kdtu-tkc2

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.303.3

url	pkg:maven/org.jenkins-ci.main/jenkins-core@2.319
purl	pkg:maven/org.jenkins-ci.main/jenkins-core@2.319
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.319

aliases CVE-2021-21696, GHSA-c5r9-rx53-q3gf

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-53km-desw-w7d6

url VCID-7w87-bm8n-bbbr

vulnerability_id VCID-7w87-bm8n-bbbr

summary

Missing Authorization
The agent-to-controller security check FilePath#reading(FileVisitor) in Jenkins does not reject any operations, allowing users to have unrestricted read access using certain operations (creating archives, FilePath#copyRecursiveTo).

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-21688.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-21688.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-21688

reference_id

reference_type

scores

value	0.00352
scoring_system	epss
scoring_elements	0.57578
published_at	2026-05-07T12:55:00Z

value	0.00352
scoring_system	epss
scoring_elements	0.57532
published_at	2026-05-05T12:55:00Z

value	0.00352
scoring_system	epss
scoring_elements	0.57576
published_at	2026-04-29T12:55:00Z

value	0.00352
scoring_system	epss
scoring_elements	0.57597
published_at	2026-04-26T12:55:00Z

value	0.00352
scoring_system	epss
scoring_elements	0.57577
published_at	2026-04-24T12:55:00Z

value	0.00352
scoring_system	epss
scoring_elements	0.57618
published_at	2026-04-21T12:55:00Z

value	0.00352
scoring_system	epss
scoring_elements	0.57644
published_at	2026-04-16T12:55:00Z

value	0.00352
scoring_system	epss
scoring_elements	0.57614
published_at	2026-04-13T12:55:00Z

value	0.00352
scoring_system	epss
scoring_elements	0.57635
published_at	2026-04-12T12:55:00Z

value	0.00352
scoring_system	epss
scoring_elements	0.57655
published_at	2026-04-11T12:55:00Z

value	0.00352
scoring_system	epss
scoring_elements	0.57636
published_at	2026-04-08T12:55:00Z

value	0.00352
scoring_system	epss
scoring_elements	0.57608
published_at	2026-04-04T12:55:00Z

value	0.00352
scoring_system	epss
scoring_elements	0.57582
published_at	2026-04-07T12:55:00Z

value	0.00352
scoring_system	epss
scoring_elements	0.57503
published_at	2026-04-01T12:55:00Z

value	0.00352
scoring_system	epss
scoring_elements	0.5764
published_at	2026-04-18T12:55:00Z

value	0.00352
scoring_system	epss
scoring_elements	0.57586
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-21688

reference_url

https://github.com/jenkinsci/jenkins

reference_id

reference_type

scores

value	9.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/jenkinsci/jenkins

reference_url

https://github.com/jenkinsci/jenkins/commit/104c751d907919dd53f5090f84d53c671a66457b

reference_id

reference_type

scores

value	9.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/jenkinsci/jenkins/commit/104c751d907919dd53f5090f84d53c671a66457b

reference_url

https://github.com/jenkinsci/jenkins/commit/5a245e42979abe4a26d41727c839521e36cedd74

reference_id

reference_type

scores

value	9.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/jenkinsci/jenkins/commit/5a245e42979abe4a26d41727c839521e36cedd74

reference_url

https://github.com/jenkinsci/jenkins/commit/63cde2daadc705edf086f2213b48c8c547f98358

reference_id

reference_type

scores

value	9.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/jenkinsci/jenkins/commit/63cde2daadc705edf086f2213b48c8c547f98358

reference_url

https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455

reference_id

reference_type

scores

value	9.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2020327
reference_id	2020327
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2020327

reference_url	https://security.archlinux.org/ASA-202111-1
reference_id	ASA-202111-1
reference_type
scores
url	https://security.archlinux.org/ASA-202111-1

reference_url

https://security.archlinux.org/AVG-2526

reference_id

AVG-2526

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-2526

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-21688

reference_id

CVE-2021-21688

reference_type

scores

value	9.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-21688

reference_url

https://github.com/advisories/GHSA-m9hr-259f-2v23

reference_id

GHSA-m9hr-259f-2v23

reference_type

scores

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-m9hr-259f-2v23

reference_url	https://access.redhat.com/errata/RHSA-2021:4799
reference_id	RHSA-2021:4799
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:4799

reference_url	https://access.redhat.com/errata/RHSA-2021:4801
reference_id	RHSA-2021:4801
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:4801

reference_url	https://access.redhat.com/errata/RHSA-2021:4827
reference_id	RHSA-2021:4827
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:4827

reference_url	https://access.redhat.com/errata/RHSA-2021:4829
reference_id	RHSA-2021:4829
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:4829

reference_url	https://access.redhat.com/errata/RHSA-2021:4833
reference_id	RHSA-2021:4833
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:4833

fixed_packages

url pkg:maven/org.jenkins-ci.main/jenkins-core@2.303.3

purl pkg:maven/org.jenkins-ci.main/jenkins-core@2.303.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1kf2-8j67-7kg3

vulnerability	VCID-7w87-bm8n-bbbr

vulnerability	VCID-b4zg-38x9-23dn

vulnerability	VCID-fvza-3rhj-8kbp

vulnerability	VCID-h3nf-gwsr-5qf3

vulnerability	VCID-kf3a-yce1-auh4

vulnerability	VCID-nq1x-s9hz-a7fb

vulnerability	VCID-r3ry-745m-zuh1

vulnerability	VCID-r3v1-qkky-dqcq

vulnerability	VCID-remx-jas5-1bfm

vulnerability	VCID-wuvf-kdtu-tkc2

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.303.3

url	pkg:maven/org.jenkins-ci.main/jenkins-core@2.319
purl	pkg:maven/org.jenkins-ci.main/jenkins-core@2.319
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.319

aliases CVE-2021-21688, GHSA-m9hr-259f-2v23

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7w87-bm8n-bbbr

url VCID-b4zg-38x9-23dn

vulnerability_id VCID-b4zg-38x9-23dn

summary

Missing Authorization
Jenkins does not check agent-to-controller access to create symbolic links when unarchiving a symbolic link in FilePath#untar.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-21687.json

reference_id

reference_type

scores

value	9.0
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-21687.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-21687

reference_id

reference_type

scores

value	0.00271
scoring_system	epss
scoring_elements	0.50515
published_at	2026-05-07T12:55:00Z

value	0.00271
scoring_system	epss
scoring_elements	0.50605
published_at	2026-04-13T12:55:00Z

value	0.00271
scoring_system	epss
scoring_elements	0.50646
published_at	2026-04-16T12:55:00Z

value	0.00271
scoring_system	epss
scoring_elements	0.50652
published_at	2026-04-18T12:55:00Z

value	0.00271
scoring_system	epss
scoring_elements	0.50631
published_at	2026-04-21T12:55:00Z

value	0.00271
scoring_system	epss
scoring_elements	0.50579
published_at	2026-04-24T12:55:00Z

value	0.00271
scoring_system	epss
scoring_elements	0.50587
published_at	2026-04-26T12:55:00Z

value	0.00271
scoring_system	epss
scoring_elements	0.50542
published_at	2026-04-29T12:55:00Z

value	0.00271
scoring_system	epss
scoring_elements	0.50462
published_at	2026-05-05T12:55:00Z

value	0.00271
scoring_system	epss
scoring_elements	0.50511
published_at	2026-04-01T12:55:00Z

value	0.00271
scoring_system	epss
scoring_elements	0.50568
published_at	2026-04-02T12:55:00Z

value	0.00271
scoring_system	epss
scoring_elements	0.50596
published_at	2026-04-04T12:55:00Z

value	0.00271
scoring_system	epss
scoring_elements	0.50548
published_at	2026-04-07T12:55:00Z

value	0.00271
scoring_system	epss
scoring_elements	0.50603
published_at	2026-04-08T12:55:00Z

value	0.00271
scoring_system	epss
scoring_elements	0.506
published_at	2026-04-09T12:55:00Z

value	0.00271
scoring_system	epss
scoring_elements	0.50642
published_at	2026-04-11T12:55:00Z

value	0.00271
scoring_system	epss
scoring_elements	0.50619
published_at	2026-04-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-21687

reference_url

https://github.com/jenkinsci/jenkins

reference_id

reference_type

scores

value	9.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/jenkinsci/jenkins

reference_url

https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455

reference_id

reference_type

scores

value	9.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2020324
reference_id	2020324
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2020324

reference_url	https://security.archlinux.org/ASA-202111-1
reference_id	ASA-202111-1
reference_type
scores
url	https://security.archlinux.org/ASA-202111-1

reference_url

https://security.archlinux.org/AVG-2526

reference_id

AVG-2526

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-2526

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-21687

reference_id

CVE-2021-21687

reference_type

scores

value	9.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-21687

reference_url

https://github.com/advisories/GHSA-3q84-vrvx-rfvf

reference_id

GHSA-3q84-vrvx-rfvf

reference_type

scores

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-3q84-vrvx-rfvf

reference_url	https://access.redhat.com/errata/RHSA-2021:4799
reference_id	RHSA-2021:4799
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:4799

reference_url	https://access.redhat.com/errata/RHSA-2021:4801
reference_id	RHSA-2021:4801
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:4801

reference_url	https://access.redhat.com/errata/RHSA-2021:4827
reference_id	RHSA-2021:4827
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:4827

reference_url	https://access.redhat.com/errata/RHSA-2021:4829
reference_id	RHSA-2021:4829
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:4829

reference_url	https://access.redhat.com/errata/RHSA-2021:4833
reference_id	RHSA-2021:4833
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:4833

fixed_packages

url pkg:maven/org.jenkins-ci.main/jenkins-core@2.303.3

purl pkg:maven/org.jenkins-ci.main/jenkins-core@2.303.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1kf2-8j67-7kg3

vulnerability	VCID-7w87-bm8n-bbbr

vulnerability	VCID-b4zg-38x9-23dn

vulnerability	VCID-fvza-3rhj-8kbp

vulnerability	VCID-h3nf-gwsr-5qf3

vulnerability	VCID-kf3a-yce1-auh4

vulnerability	VCID-nq1x-s9hz-a7fb

vulnerability	VCID-r3ry-745m-zuh1

vulnerability	VCID-r3v1-qkky-dqcq

vulnerability	VCID-remx-jas5-1bfm

vulnerability	VCID-wuvf-kdtu-tkc2

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.303.3

url	pkg:maven/org.jenkins-ci.main/jenkins-core@2.319
purl	pkg:maven/org.jenkins-ci.main/jenkins-core@2.319
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.319

aliases CVE-2021-21687, GHSA-3q84-vrvx-rfvf

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-b4zg-38x9-23dn

url VCID-fvza-3rhj-8kbp

vulnerability_id VCID-fvza-3rhj-8kbp

summary

Protection Mechanism Failure
Agent processes are able to completely bypass file path filtering by wrapping the file operation in an agent file path in Jenkins.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-21690.json

reference_id

reference_type

scores

value	9.0
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-21690.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-21690

reference_id

reference_type

scores

value	0.00504
scoring_system	epss
scoring_elements	0.66242
published_at	2026-05-07T12:55:00Z

value	0.00504
scoring_system	epss
scoring_elements	0.66146
published_at	2026-04-04T12:55:00Z

value	0.00504
scoring_system	epss
scoring_elements	0.66115
published_at	2026-04-07T12:55:00Z

value	0.00504
scoring_system	epss
scoring_elements	0.66163
published_at	2026-04-08T12:55:00Z

value	0.00504
scoring_system	epss
scoring_elements	0.66177
published_at	2026-04-09T12:55:00Z

value	0.00504
scoring_system	epss
scoring_elements	0.66196
published_at	2026-04-11T12:55:00Z

value	0.00504
scoring_system	epss
scoring_elements	0.66183
published_at	2026-04-12T12:55:00Z

value	0.00504
scoring_system	epss
scoring_elements	0.66152
published_at	2026-04-13T12:55:00Z

value	0.00504
scoring_system	epss
scoring_elements	0.66187
published_at	2026-04-16T12:55:00Z

value	0.00504
scoring_system	epss
scoring_elements	0.662
published_at	2026-04-18T12:55:00Z

value	0.00504
scoring_system	epss
scoring_elements	0.66185
published_at	2026-04-21T12:55:00Z

value	0.00504
scoring_system	epss
scoring_elements	0.66207
published_at	2026-04-24T12:55:00Z

value	0.00504
scoring_system	epss
scoring_elements	0.6622
published_at	2026-04-26T12:55:00Z

value	0.00504
scoring_system	epss
scoring_elements	0.66219
published_at	2026-04-29T12:55:00Z

value	0.00504
scoring_system	epss
scoring_elements	0.66198
published_at	2026-05-05T12:55:00Z

value	0.00504
scoring_system	epss
scoring_elements	0.66078
published_at	2026-04-01T12:55:00Z

value	0.00504
scoring_system	epss
scoring_elements	0.66119
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-21690

reference_url

https://github.com/jenkinsci/jenkins/commit/104c751d907919dd53f5090f84d53c671a66457b

reference_id

reference_type

scores

value	9.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/jenkinsci/jenkins/commit/104c751d907919dd53f5090f84d53c671a66457b

reference_url

https://github.com/jenkinsci/jenkins/commit/5a245e42979abe4a26d41727c839521e36cedd74

reference_id

reference_type

scores

value	9.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/jenkinsci/jenkins/commit/5a245e42979abe4a26d41727c839521e36cedd74

reference_url

https://github.com/jenkinsci/jenkins/commit/63cde2daadc705edf086f2213b48c8c547f98358

reference_id

reference_type

scores

value	9.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/jenkinsci/jenkins/commit/63cde2daadc705edf086f2213b48c8c547f98358

reference_url

https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455

reference_id

reference_type

scores

value	9.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2020336
reference_id	2020336
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2020336

reference_url	https://security.archlinux.org/ASA-202111-1
reference_id	ASA-202111-1
reference_type
scores
url	https://security.archlinux.org/ASA-202111-1

reference_url

https://security.archlinux.org/AVG-2526

reference_id

AVG-2526

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-2526

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-21690

reference_id

CVE-2021-21690

reference_type

scores

value	9.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-21690

reference_url

https://github.com/advisories/GHSA-97c3-w9cr-6qc2

reference_id

GHSA-97c3-w9cr-6qc2

reference_type

scores

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-97c3-w9cr-6qc2

reference_url	https://access.redhat.com/errata/RHSA-2021:4799
reference_id	RHSA-2021:4799
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:4799

reference_url	https://access.redhat.com/errata/RHSA-2021:4801
reference_id	RHSA-2021:4801
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:4801

reference_url	https://access.redhat.com/errata/RHSA-2021:4827
reference_id	RHSA-2021:4827
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:4827

reference_url	https://access.redhat.com/errata/RHSA-2021:4829
reference_id	RHSA-2021:4829
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:4829

reference_url	https://access.redhat.com/errata/RHSA-2021:4833
reference_id	RHSA-2021:4833
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:4833

fixed_packages

url pkg:maven/org.jenkins-ci.main/jenkins-core@2.303.3

purl pkg:maven/org.jenkins-ci.main/jenkins-core@2.303.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1kf2-8j67-7kg3

vulnerability	VCID-7w87-bm8n-bbbr

vulnerability	VCID-b4zg-38x9-23dn

vulnerability	VCID-fvza-3rhj-8kbp

vulnerability	VCID-h3nf-gwsr-5qf3

vulnerability	VCID-kf3a-yce1-auh4

vulnerability	VCID-nq1x-s9hz-a7fb

vulnerability	VCID-r3ry-745m-zuh1

vulnerability	VCID-r3v1-qkky-dqcq

vulnerability	VCID-remx-jas5-1bfm

vulnerability	VCID-wuvf-kdtu-tkc2

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.303.3

url	pkg:maven/org.jenkins-ci.main/jenkins-core@2.319
purl	pkg:maven/org.jenkins-ci.main/jenkins-core@2.319
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.319

aliases CVE-2021-21690, GHSA-97c3-w9cr-6qc2

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fvza-3rhj-8kbp

url VCID-h3nf-gwsr-5qf3

vulnerability_id VCID-h3nf-gwsr-5qf3

summary

Missing Authorization
File operations do not check any permissions in Jenkins.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-21694.json

reference_id

reference_type

scores

value	9.0
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-21694.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-21694

reference_id

reference_type

scores

value	0.00291
scoring_system	epss
scoring_elements	0.52473
published_at	2026-05-07T12:55:00Z

value	0.00291
scoring_system	epss
scoring_elements	0.52514
published_at	2026-04-08T12:55:00Z

value	0.00291
scoring_system	epss
scoring_elements	0.52508
published_at	2026-04-09T12:55:00Z

value	0.00291
scoring_system	epss
scoring_elements	0.52559
published_at	2026-04-11T12:55:00Z

value	0.00291
scoring_system	epss
scoring_elements	0.52542
published_at	2026-04-12T12:55:00Z

value	0.00291
scoring_system	epss
scoring_elements	0.52527
published_at	2026-04-13T12:55:00Z

value	0.00291
scoring_system	epss
scoring_elements	0.52566
published_at	2026-04-16T12:55:00Z

value	0.00291
scoring_system	epss
scoring_elements	0.52572
published_at	2026-04-18T12:55:00Z

value	0.00291
scoring_system	epss
scoring_elements	0.52557
published_at	2026-04-21T12:55:00Z

value	0.00291
scoring_system	epss
scoring_elements	0.52507
published_at	2026-04-24T12:55:00Z

value	0.00291
scoring_system	epss
scoring_elements	0.52517
published_at	2026-04-26T12:55:00Z

value	0.00291
scoring_system	epss
scoring_elements	0.52479
published_at	2026-04-29T12:55:00Z

value	0.00291
scoring_system	epss
scoring_elements	0.5242
published_at	2026-05-05T12:55:00Z

value	0.00291
scoring_system	epss
scoring_elements	0.52421
published_at	2026-04-01T12:55:00Z

value	0.00291
scoring_system	epss
scoring_elements	0.52467
published_at	2026-04-02T12:55:00Z

value	0.00291
scoring_system	epss
scoring_elements	0.52495
published_at	2026-04-04T12:55:00Z

value	0.00291
scoring_system	epss
scoring_elements	0.52461
published_at	2026-04-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-21694

reference_url

https://github.com/jenkinsci/jenkins/commit/104c751d907919dd53f5090f84d53c671a66457b

reference_id

reference_type

scores

value	9.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/jenkinsci/jenkins/commit/104c751d907919dd53f5090f84d53c671a66457b

reference_url

https://github.com/jenkinsci/jenkins/commit/5a245e42979abe4a26d41727c839521e36cedd74

reference_id

reference_type

scores

value	9.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/jenkinsci/jenkins/commit/5a245e42979abe4a26d41727c839521e36cedd74

reference_url

https://github.com/jenkinsci/jenkins/commit/63cde2daadc705edf086f2213b48c8c547f98358

reference_id

reference_type

scores

value	9.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/jenkinsci/jenkins/commit/63cde2daadc705edf086f2213b48c8c547f98358

reference_url

https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455

reference_id

reference_type

scores

value	9.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2020342
reference_id	2020342
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2020342

reference_url	https://security.archlinux.org/ASA-202111-1
reference_id	ASA-202111-1
reference_type
scores
url	https://security.archlinux.org/ASA-202111-1

reference_url

https://security.archlinux.org/AVG-2526

reference_id

AVG-2526

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-2526

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-21694

reference_id

CVE-2021-21694

reference_type

scores

value	9.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-21694

reference_url

https://github.com/advisories/GHSA-pgj6-jmj5-wqfx

reference_id

GHSA-pgj6-jmj5-wqfx

reference_type

scores

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-pgj6-jmj5-wqfx

reference_url	https://access.redhat.com/errata/RHSA-2021:4799
reference_id	RHSA-2021:4799
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:4799

reference_url	https://access.redhat.com/errata/RHSA-2021:4801
reference_id	RHSA-2021:4801
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:4801

reference_url	https://access.redhat.com/errata/RHSA-2021:4827
reference_id	RHSA-2021:4827
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:4827

reference_url	https://access.redhat.com/errata/RHSA-2021:4829
reference_id	RHSA-2021:4829
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:4829

reference_url	https://access.redhat.com/errata/RHSA-2021:4833
reference_id	RHSA-2021:4833
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:4833

fixed_packages

url pkg:maven/org.jenkins-ci.main/jenkins-core@2.303.3

purl pkg:maven/org.jenkins-ci.main/jenkins-core@2.303.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1kf2-8j67-7kg3

vulnerability	VCID-7w87-bm8n-bbbr

vulnerability	VCID-b4zg-38x9-23dn

vulnerability	VCID-fvza-3rhj-8kbp

vulnerability	VCID-h3nf-gwsr-5qf3

vulnerability	VCID-kf3a-yce1-auh4

vulnerability	VCID-nq1x-s9hz-a7fb

vulnerability	VCID-r3ry-745m-zuh1

vulnerability	VCID-r3v1-qkky-dqcq

vulnerability	VCID-remx-jas5-1bfm

vulnerability	VCID-wuvf-kdtu-tkc2

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.303.3

url	pkg:maven/org.jenkins-ci.main/jenkins-core@2.319
purl	pkg:maven/org.jenkins-ci.main/jenkins-core@2.319
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.319

aliases CVE-2021-21694, GHSA-pgj6-jmj5-wqfx

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-h3nf-gwsr-5qf3

url VCID-kf3a-yce1-auh4

vulnerability_id VCID-kf3a-yce1-auh4

summary

Incorrect Authorization
Creating symbolic links is possible without the 'symlink' agent-to-controller access control permission in Jenkins.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-21691.json

reference_id

reference_type

scores

value	9.0
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-21691.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-21691

reference_id

reference_type

scores

value	0.00637
scoring_system	epss
scoring_elements	0.70576
published_at	2026-05-07T12:55:00Z

value	0.00637
scoring_system	epss
scoring_elements	0.70479
published_at	2026-04-09T12:55:00Z

value	0.00637
scoring_system	epss
scoring_elements	0.70503
published_at	2026-04-11T12:55:00Z

value	0.00637
scoring_system	epss
scoring_elements	0.70488
published_at	2026-04-12T12:55:00Z

value	0.00637
scoring_system	epss
scoring_elements	0.70474
published_at	2026-04-13T12:55:00Z

value	0.00637
scoring_system	epss
scoring_elements	0.70516
published_at	2026-04-16T12:55:00Z

value	0.00637
scoring_system	epss
scoring_elements	0.70524
published_at	2026-04-18T12:55:00Z

value	0.00637
scoring_system	epss
scoring_elements	0.70504
published_at	2026-04-21T12:55:00Z

value	0.00637
scoring_system	epss
scoring_elements	0.70554
published_at	2026-04-24T12:55:00Z

value	0.00637
scoring_system	epss
scoring_elements	0.70563
published_at	2026-04-29T12:55:00Z

value	0.00637
scoring_system	epss
scoring_elements	0.70536
published_at	2026-05-05T12:55:00Z

value	0.00637
scoring_system	epss
scoring_elements	0.70409
published_at	2026-04-01T12:55:00Z

value	0.00637
scoring_system	epss
scoring_elements	0.70422
published_at	2026-04-02T12:55:00Z

value	0.00637
scoring_system	epss
scoring_elements	0.7044
published_at	2026-04-04T12:55:00Z

value	0.00637
scoring_system	epss
scoring_elements	0.70418
published_at	2026-04-07T12:55:00Z

value	0.00637
scoring_system	epss
scoring_elements	0.70463
published_at	2026-04-08T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-21691

reference_url

https://github.com/jenkinsci/jenkins

reference_id

reference_type

scores

value	9.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/jenkinsci/jenkins

reference_url

https://github.com/jenkinsci/jenkins/commit/63cde2daadc705edf086f2213b48c8c547f98358

reference_id

reference_type

scores

value	9.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/jenkinsci/jenkins/commit/63cde2daadc705edf086f2213b48c8c547f98358

reference_url

https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455

reference_id

reference_type

scores

value	9.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2020338
reference_id	2020338
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2020338

reference_url	https://security.archlinux.org/ASA-202111-1
reference_id	ASA-202111-1
reference_type
scores
url	https://security.archlinux.org/ASA-202111-1

reference_url

https://security.archlinux.org/AVG-2526

reference_id

AVG-2526

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-2526

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-21691

reference_id

CVE-2021-21691

reference_type

scores

value	9.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-21691

reference_url

https://github.com/advisories/GHSA-2c79-h2h5-g3fw

reference_id

GHSA-2c79-h2h5-g3fw

reference_type

scores

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-2c79-h2h5-g3fw

reference_url	https://access.redhat.com/errata/RHSA-2021:4799
reference_id	RHSA-2021:4799
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:4799

reference_url	https://access.redhat.com/errata/RHSA-2021:4801
reference_id	RHSA-2021:4801
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:4801

reference_url	https://access.redhat.com/errata/RHSA-2021:4827
reference_id	RHSA-2021:4827
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:4827

reference_url	https://access.redhat.com/errata/RHSA-2021:4829
reference_id	RHSA-2021:4829
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:4829

reference_url	https://access.redhat.com/errata/RHSA-2021:4833
reference_id	RHSA-2021:4833
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:4833

fixed_packages

url pkg:maven/org.jenkins-ci.main/jenkins-core@2.303.3

purl pkg:maven/org.jenkins-ci.main/jenkins-core@2.303.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1kf2-8j67-7kg3

vulnerability	VCID-7w87-bm8n-bbbr

vulnerability	VCID-b4zg-38x9-23dn

vulnerability	VCID-fvza-3rhj-8kbp

vulnerability	VCID-h3nf-gwsr-5qf3

vulnerability	VCID-kf3a-yce1-auh4

vulnerability	VCID-nq1x-s9hz-a7fb

vulnerability	VCID-r3ry-745m-zuh1

vulnerability	VCID-r3v1-qkky-dqcq

vulnerability	VCID-remx-jas5-1bfm

vulnerability	VCID-wuvf-kdtu-tkc2

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.303.3

url	pkg:maven/org.jenkins-ci.main/jenkins-core@2.319
purl	pkg:maven/org.jenkins-ci.main/jenkins-core@2.319
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.319

aliases CVE-2021-21691, GHSA-2c79-h2h5-g3fw

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kf3a-yce1-auh4

url VCID-nq1x-s9hz-a7fb

vulnerability_id VCID-nq1x-s9hz-a7fb

summary

Missing Authorization
FilePath#listFiles lists files outside directories that agents are allowed to access when following symbolic links in Jenkins.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-21695.json

reference_id

reference_type

scores

value	9.0
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-21695.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-21695

reference_id

reference_type

scores

value	0.00528
scoring_system	epss
scoring_elements	0.67229
published_at	2026-05-07T12:55:00Z

value	0.00528
scoring_system	epss
scoring_elements	0.67119
published_at	2026-04-07T12:55:00Z

value	0.00528
scoring_system	epss
scoring_elements	0.67169
published_at	2026-04-08T12:55:00Z

value	0.00528
scoring_system	epss
scoring_elements	0.67182
published_at	2026-04-09T12:55:00Z

value	0.00528
scoring_system	epss
scoring_elements	0.67202
published_at	2026-04-11T12:55:00Z

value	0.00528
scoring_system	epss
scoring_elements	0.67188
published_at	2026-05-05T12:55:00Z

value	0.00528
scoring_system	epss
scoring_elements	0.67157
published_at	2026-04-13T12:55:00Z

value	0.00528
scoring_system	epss
scoring_elements	0.67193
published_at	2026-04-16T12:55:00Z

value	0.00528
scoring_system	epss
scoring_elements	0.67205
published_at	2026-04-18T12:55:00Z

value	0.00528
scoring_system	epss
scoring_elements	0.67186
published_at	2026-04-21T12:55:00Z

value	0.00528
scoring_system	epss
scoring_elements	0.67206
published_at	2026-04-24T12:55:00Z

value	0.00528
scoring_system	epss
scoring_elements	0.67218
published_at	2026-04-26T12:55:00Z

value	0.00528
scoring_system	epss
scoring_elements	0.67219
published_at	2026-04-29T12:55:00Z

value	0.00528
scoring_system	epss
scoring_elements	0.67084
published_at	2026-04-01T12:55:00Z

value	0.00528
scoring_system	epss
scoring_elements	0.67121
published_at	2026-04-02T12:55:00Z

value	0.00528
scoring_system	epss
scoring_elements	0.67145
published_at	2026-04-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-21695

reference_url

https://github.com/jenkinsci/jenkins

reference_id

reference_type

scores

value	9.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/jenkinsci/jenkins

reference_url

https://github.com/jenkinsci/jenkins/commit/63cde2daadc705edf086f2213b48c8c547f98358

reference_id

reference_type

scores

value	9.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/jenkinsci/jenkins/commit/63cde2daadc705edf086f2213b48c8c547f98358

reference_url

https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455

reference_id

reference_type

scores

value	9.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455

reference_url

http://www.openwall.com/lists/oss-security/2021/11/04/3

reference_id

reference_type

scores

value	9.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2021/11/04/3

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2020343
reference_id	2020343
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2020343

reference_url	https://security.archlinux.org/ASA-202111-1
reference_id	ASA-202111-1
reference_type
scores
url	https://security.archlinux.org/ASA-202111-1

reference_url

https://security.archlinux.org/AVG-2526

reference_id

AVG-2526

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-2526

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-21695

reference_id

CVE-2021-21695

reference_type

scores

value	9.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-21695

reference_url

https://github.com/advisories/GHSA-cvvm-4cr9-r436

reference_id

GHSA-cvvm-4cr9-r436

reference_type

scores

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-cvvm-4cr9-r436

reference_url	https://access.redhat.com/errata/RHSA-2021:4799
reference_id	RHSA-2021:4799
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:4799

reference_url	https://access.redhat.com/errata/RHSA-2021:4801
reference_id	RHSA-2021:4801
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:4801

reference_url	https://access.redhat.com/errata/RHSA-2021:4827
reference_id	RHSA-2021:4827
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:4827

reference_url	https://access.redhat.com/errata/RHSA-2021:4829
reference_id	RHSA-2021:4829
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:4829

reference_url	https://access.redhat.com/errata/RHSA-2021:4833
reference_id	RHSA-2021:4833
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:4833

fixed_packages

url pkg:maven/org.jenkins-ci.main/jenkins-core@2.303.3

purl pkg:maven/org.jenkins-ci.main/jenkins-core@2.303.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1kf2-8j67-7kg3

vulnerability	VCID-7w87-bm8n-bbbr

vulnerability	VCID-b4zg-38x9-23dn

vulnerability	VCID-fvza-3rhj-8kbp

vulnerability	VCID-h3nf-gwsr-5qf3

vulnerability	VCID-kf3a-yce1-auh4

vulnerability	VCID-nq1x-s9hz-a7fb

vulnerability	VCID-r3ry-745m-zuh1

vulnerability	VCID-r3v1-qkky-dqcq

vulnerability	VCID-remx-jas5-1bfm

vulnerability	VCID-wuvf-kdtu-tkc2

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.303.3

url	pkg:maven/org.jenkins-ci.main/jenkins-core@2.319
purl	pkg:maven/org.jenkins-ci.main/jenkins-core@2.319
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.319

aliases CVE-2021-21695, GHSA-cvvm-4cr9-r436

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nq1x-s9hz-a7fb

url VCID-r3ry-745m-zuh1

vulnerability_id VCID-r3ry-745m-zuh1

summary

Missing Authorization
FilePath#unzip and FilePath#untar were not subject to any agent-to-controller access control in Jenkins.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-21689.json

reference_id

reference_type

scores

value	9.0
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-21689.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-21689

reference_id

reference_type

scores

value	0.01456
scoring_system	epss
scoring_elements	0.8093
published_at	2026-05-07T12:55:00Z

value	0.01456
scoring_system	epss
scoring_elements	0.80909
published_at	2026-05-05T12:55:00Z

value	0.01456
scoring_system	epss
scoring_elements	0.80892
published_at	2026-04-29T12:55:00Z

value	0.01456
scoring_system	epss
scoring_elements	0.8088
published_at	2026-04-26T12:55:00Z

value	0.01456
scoring_system	epss
scoring_elements	0.80874
published_at	2026-04-24T12:55:00Z

value	0.01456
scoring_system	epss
scoring_elements	0.80852
published_at	2026-04-21T12:55:00Z

value	0.01456
scoring_system	epss
scoring_elements	0.80849
published_at	2026-04-16T12:55:00Z

value	0.01456
scoring_system	epss
scoring_elements	0.80812
published_at	2026-04-13T12:55:00Z

value	0.01456
scoring_system	epss
scoring_elements	0.8082
published_at	2026-04-12T12:55:00Z

value	0.01456
scoring_system	epss
scoring_elements	0.80835
published_at	2026-04-11T12:55:00Z

value	0.01456
scoring_system	epss
scoring_elements	0.80782
published_at	2026-04-07T12:55:00Z

value	0.01456
scoring_system	epss
scoring_elements	0.80785
published_at	2026-04-04T12:55:00Z

value	0.01456
scoring_system	epss
scoring_elements	0.8081
published_at	2026-04-08T12:55:00Z

value	0.01456
scoring_system	epss
scoring_elements	0.80756
published_at	2026-04-01T12:55:00Z

value	0.01456
scoring_system	epss
scoring_elements	0.80818
published_at	2026-04-09T12:55:00Z

value	0.01456
scoring_system	epss
scoring_elements	0.80765
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-21689

reference_url

https://github.com/jenkinsci/jenkins

reference_id

reference_type

scores

value	9.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/jenkinsci/jenkins

reference_url

https://github.com/jenkinsci/jenkins/commit/104c751d907919dd53f5090f84d53c671a66457b

reference_id

reference_type

scores

value	9.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/jenkinsci/jenkins/commit/104c751d907919dd53f5090f84d53c671a66457b

reference_url

https://github.com/jenkinsci/jenkins/commit/5a245e42979abe4a26d41727c839521e36cedd74

reference_id

reference_type

scores

value	9.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/jenkinsci/jenkins/commit/5a245e42979abe4a26d41727c839521e36cedd74

reference_url

https://github.com/jenkinsci/jenkins/commit/63cde2daadc705edf086f2213b48c8c547f98358

reference_id

reference_type

scores

value	9.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/jenkinsci/jenkins/commit/63cde2daadc705edf086f2213b48c8c547f98358

reference_url

https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455

reference_id

reference_type

scores

value	9.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2020335
reference_id	2020335
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2020335

reference_url	https://security.archlinux.org/ASA-202111-1
reference_id	ASA-202111-1
reference_type
scores
url	https://security.archlinux.org/ASA-202111-1

reference_url

https://security.archlinux.org/AVG-2526

reference_id

AVG-2526

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-2526

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-21689

reference_id

CVE-2021-21689

reference_type

scores

value	9.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-21689

reference_url

https://github.com/advisories/GHSA-j3cq-h6vh-gx7f

reference_id

GHSA-j3cq-h6vh-gx7f

reference_type

scores

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-j3cq-h6vh-gx7f

reference_url	https://access.redhat.com/errata/RHSA-2021:4799
reference_id	RHSA-2021:4799
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:4799

reference_url	https://access.redhat.com/errata/RHSA-2021:4801
reference_id	RHSA-2021:4801
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:4801

reference_url	https://access.redhat.com/errata/RHSA-2021:4827
reference_id	RHSA-2021:4827
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:4827

reference_url	https://access.redhat.com/errata/RHSA-2021:4829
reference_id	RHSA-2021:4829
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:4829

reference_url	https://access.redhat.com/errata/RHSA-2021:4833
reference_id	RHSA-2021:4833
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:4833

fixed_packages

url pkg:maven/org.jenkins-ci.main/jenkins-core@2.303.3

purl pkg:maven/org.jenkins-ci.main/jenkins-core@2.303.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1kf2-8j67-7kg3

vulnerability	VCID-7w87-bm8n-bbbr

vulnerability	VCID-b4zg-38x9-23dn

vulnerability	VCID-fvza-3rhj-8kbp

vulnerability	VCID-h3nf-gwsr-5qf3

vulnerability	VCID-kf3a-yce1-auh4

vulnerability	VCID-nq1x-s9hz-a7fb

vulnerability	VCID-r3ry-745m-zuh1

vulnerability	VCID-r3v1-qkky-dqcq

vulnerability	VCID-remx-jas5-1bfm

vulnerability	VCID-wuvf-kdtu-tkc2

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.303.3

url	pkg:maven/org.jenkins-ci.main/jenkins-core@2.319
purl	pkg:maven/org.jenkins-ci.main/jenkins-core@2.319
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.319

aliases CVE-2021-21689, GHSA-j3cq-h6vh-gx7f

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-r3ry-745m-zuh1

url VCID-r3v1-qkky-dqcq

vulnerability_id VCID-r3v1-qkky-dqcq

summary

Missing Authorization
Jenkins does not check agent-to-controller access to create parent directories in FilePath#mkdirs.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-21685.json

reference_id

reference_type

scores

value	9.0
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-21685.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-21685

reference_id

reference_type

scores

value	0.00197
scoring_system	epss
scoring_elements	0.41463
published_at	2026-05-07T12:55:00Z

value	0.00197
scoring_system	epss
scoring_elements	0.41689
published_at	2026-04-01T12:55:00Z

value	0.00197
scoring_system	epss
scoring_elements	0.41754
published_at	2026-04-02T12:55:00Z

value	0.00197
scoring_system	epss
scoring_elements	0.41782
published_at	2026-04-04T12:55:00Z

value	0.00197
scoring_system	epss
scoring_elements	0.41709
published_at	2026-04-07T12:55:00Z

value	0.00197
scoring_system	epss
scoring_elements	0.41759
published_at	2026-04-08T12:55:00Z

value	0.00197
scoring_system	epss
scoring_elements	0.41768
published_at	2026-04-09T12:55:00Z

value	0.00197
scoring_system	epss
scoring_elements	0.41791
published_at	2026-04-16T12:55:00Z

value	0.00197
scoring_system	epss
scoring_elements	0.41758
published_at	2026-04-12T12:55:00Z

value	0.00197
scoring_system	epss
scoring_elements	0.41744
published_at	2026-04-13T12:55:00Z

value	0.00197
scoring_system	epss
scoring_elements	0.41765
published_at	2026-04-18T12:55:00Z

value	0.00197
scoring_system	epss
scoring_elements	0.4169
published_at	2026-04-21T12:55:00Z

value	0.00197
scoring_system	epss
scoring_elements	0.41616
published_at	2026-04-24T12:55:00Z

value	0.00197
scoring_system	epss
scoring_elements	0.41614
published_at	2026-04-26T12:55:00Z

value	0.00197
scoring_system	epss
scoring_elements	0.41536
published_at	2026-04-29T12:55:00Z

value	0.00197
scoring_system	epss
scoring_elements	0.41394
published_at	2026-05-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-21685

reference_url

https://github.com/jenkinsci/jenkins

reference_id

reference_type

scores

value	9.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/jenkinsci/jenkins

reference_url

https://github.com/jenkinsci/jenkins/commit/104c751d907919dd53f5090f84d53c671a66457b

reference_id

reference_type

scores

value	9.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/jenkinsci/jenkins/commit/104c751d907919dd53f5090f84d53c671a66457b

reference_url

https://github.com/jenkinsci/jenkins/commit/5a245e42979abe4a26d41727c839521e36cedd74

reference_id

reference_type

scores

value	9.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/jenkinsci/jenkins/commit/5a245e42979abe4a26d41727c839521e36cedd74

reference_url

https://github.com/jenkinsci/jenkins/commit/63cde2daadc705edf086f2213b48c8c547f98358

reference_id

reference_type

scores

value	9.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/jenkinsci/jenkins/commit/63cde2daadc705edf086f2213b48c8c547f98358

reference_url

https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455

reference_id

reference_type

scores

value	9.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455

reference_url

http://www.openwall.com/lists/oss-security/2021/11/04/3

reference_id

reference_type

scores

value	9.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2021/11/04/3

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2020322
reference_id	2020322
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2020322

reference_url	https://security.archlinux.org/ASA-202111-1
reference_id	ASA-202111-1
reference_type
scores
url	https://security.archlinux.org/ASA-202111-1

reference_url

https://security.archlinux.org/AVG-2526

reference_id

AVG-2526

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-2526

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-21685

reference_id

CVE-2021-21685

reference_type

scores

value	9.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-21685

reference_url

https://github.com/advisories/GHSA-58xm-mxjf-254g

reference_id

GHSA-58xm-mxjf-254g

reference_type

scores

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-58xm-mxjf-254g

reference_url	https://access.redhat.com/errata/RHSA-2021:4799
reference_id	RHSA-2021:4799
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:4799

reference_url	https://access.redhat.com/errata/RHSA-2021:4801
reference_id	RHSA-2021:4801
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:4801

reference_url	https://access.redhat.com/errata/RHSA-2021:4827
reference_id	RHSA-2021:4827
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:4827

reference_url	https://access.redhat.com/errata/RHSA-2021:4829
reference_id	RHSA-2021:4829
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:4829

reference_url	https://access.redhat.com/errata/RHSA-2021:4833
reference_id	RHSA-2021:4833
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:4833

fixed_packages

url pkg:maven/org.jenkins-ci.main/jenkins-core@2.303.3

purl pkg:maven/org.jenkins-ci.main/jenkins-core@2.303.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1kf2-8j67-7kg3

vulnerability	VCID-7w87-bm8n-bbbr

vulnerability	VCID-b4zg-38x9-23dn

vulnerability	VCID-fvza-3rhj-8kbp

vulnerability	VCID-h3nf-gwsr-5qf3

vulnerability	VCID-kf3a-yce1-auh4

vulnerability	VCID-nq1x-s9hz-a7fb

vulnerability	VCID-r3ry-745m-zuh1

vulnerability	VCID-r3v1-qkky-dqcq

vulnerability	VCID-remx-jas5-1bfm

vulnerability	VCID-wuvf-kdtu-tkc2

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.303.3

url	pkg:maven/org.jenkins-ci.main/jenkins-core@2.319
purl	pkg:maven/org.jenkins-ci.main/jenkins-core@2.319
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.319

aliases CVE-2021-21685, GHSA-58xm-mxjf-254g

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-r3v1-qkky-dqcq

url VCID-remx-jas5-1bfm

vulnerability_id VCID-remx-jas5-1bfm

summary

Incorrect Authorization
FilePath#renameTo and FilePath#moveAllChildrenTo in Jenkins only check 'read' agent-to-controller access permission on the source path, instead of 'delete'.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-21692.json

reference_id

reference_type

scores

value	9.0
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-21692.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-21692

reference_id

reference_type

scores

value	0.00647
scoring_system	epss
scoring_elements	0.70862
published_at	2026-05-07T12:55:00Z

value	0.00647
scoring_system	epss
scoring_elements	0.7072
published_at	2026-04-04T12:55:00Z

value	0.00647
scoring_system	epss
scoring_elements	0.70697
published_at	2026-04-07T12:55:00Z

value	0.00647
scoring_system	epss
scoring_elements	0.70742
published_at	2026-04-08T12:55:00Z

value	0.00647
scoring_system	epss
scoring_elements	0.70758
published_at	2026-04-09T12:55:00Z

value	0.00647
scoring_system	epss
scoring_elements	0.70781
published_at	2026-04-11T12:55:00Z

value	0.00647
scoring_system	epss
scoring_elements	0.70764
published_at	2026-04-12T12:55:00Z

value	0.00647
scoring_system	epss
scoring_elements	0.70748
published_at	2026-04-13T12:55:00Z

value	0.00647
scoring_system	epss
scoring_elements	0.70793
published_at	2026-04-16T12:55:00Z

value	0.00647
scoring_system	epss
scoring_elements	0.708
published_at	2026-04-18T12:55:00Z

value	0.00647
scoring_system	epss
scoring_elements	0.70778
published_at	2026-04-21T12:55:00Z

value	0.00647
scoring_system	epss
scoring_elements	0.70831
published_at	2026-04-24T12:55:00Z

value	0.00647
scoring_system	epss
scoring_elements	0.70841
published_at	2026-04-26T12:55:00Z

value	0.00647
scoring_system	epss
scoring_elements	0.7084
published_at	2026-04-29T12:55:00Z

value	0.00647
scoring_system	epss
scoring_elements	0.70822
published_at	2026-05-05T12:55:00Z

value	0.00647
scoring_system	epss
scoring_elements	0.70687
published_at	2026-04-01T12:55:00Z

value	0.00647
scoring_system	epss
scoring_elements	0.70702
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-21692

reference_url

https://github.com/jenkinsci/jenkins

reference_id

reference_type

scores

value	9.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/jenkinsci/jenkins

reference_url

https://github.com/jenkinsci/jenkins/commit/104c751d907919dd53f5090f84d53c671a66457b

reference_id

reference_type

scores

value	9.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/jenkinsci/jenkins/commit/104c751d907919dd53f5090f84d53c671a66457b

reference_url

https://github.com/jenkinsci/jenkins/commit/5a245e42979abe4a26d41727c839521e36cedd74

reference_id

reference_type

scores

value	9.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/jenkinsci/jenkins/commit/5a245e42979abe4a26d41727c839521e36cedd74

reference_url

https://github.com/jenkinsci/jenkins/commit/63cde2daadc705edf086f2213b48c8c547f98358

reference_id

reference_type

scores

value	9.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/jenkinsci/jenkins/commit/63cde2daadc705edf086f2213b48c8c547f98358

reference_url

https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455

reference_id

reference_type

scores

value	9.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2020339
reference_id	2020339
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2020339

reference_url	https://security.archlinux.org/ASA-202111-1
reference_id	ASA-202111-1
reference_type
scores
url	https://security.archlinux.org/ASA-202111-1

reference_url

https://security.archlinux.org/AVG-2526

reference_id

AVG-2526

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-2526

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-21692

reference_id

CVE-2021-21692

reference_type

scores

value	9.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-21692

reference_url

https://github.com/advisories/GHSA-8xg4-xq2v-v6j7

reference_id

GHSA-8xg4-xq2v-v6j7

reference_type

scores

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-8xg4-xq2v-v6j7

reference_url	https://access.redhat.com/errata/RHSA-2021:4799
reference_id	RHSA-2021:4799
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:4799

reference_url	https://access.redhat.com/errata/RHSA-2021:4801
reference_id	RHSA-2021:4801
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:4801

reference_url	https://access.redhat.com/errata/RHSA-2021:4827
reference_id	RHSA-2021:4827
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:4827

reference_url	https://access.redhat.com/errata/RHSA-2021:4829
reference_id	RHSA-2021:4829
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:4829

reference_url	https://access.redhat.com/errata/RHSA-2021:4833
reference_id	RHSA-2021:4833
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:4833

fixed_packages

url pkg:maven/org.jenkins-ci.main/jenkins-core@2.303.3

purl pkg:maven/org.jenkins-ci.main/jenkins-core@2.303.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1kf2-8j67-7kg3

vulnerability	VCID-7w87-bm8n-bbbr

vulnerability	VCID-b4zg-38x9-23dn

vulnerability	VCID-fvza-3rhj-8kbp

vulnerability	VCID-h3nf-gwsr-5qf3

vulnerability	VCID-kf3a-yce1-auh4

vulnerability	VCID-nq1x-s9hz-a7fb

vulnerability	VCID-r3ry-745m-zuh1

vulnerability	VCID-r3v1-qkky-dqcq

vulnerability	VCID-remx-jas5-1bfm

vulnerability	VCID-wuvf-kdtu-tkc2

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.303.3

url	pkg:maven/org.jenkins-ci.main/jenkins-core@2.319
purl	pkg:maven/org.jenkins-ci.main/jenkins-core@2.319
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.319

aliases CVE-2021-21692, GHSA-8xg4-xq2v-v6j7

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-remx-jas5-1bfm

url VCID-wuvf-kdtu-tkc2

vulnerability_id VCID-wuvf-kdtu-tkc2

summary

Improper Authorization
When creating temporary files, agent-to-controller access to create those files is only checked after they've been created in Jenkins.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-21693.json

reference_id

reference_type

scores

value	9.0
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-21693.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-21693

reference_id

reference_type

scores

value	0.00508
scoring_system	epss
scoring_elements	0.66396
published_at	2026-05-07T12:55:00Z

value	0.00508
scoring_system	epss
scoring_elements	0.66352
published_at	2026-05-05T12:55:00Z

value	0.00508
scoring_system	epss
scoring_elements	0.66376
published_at	2026-04-29T12:55:00Z

value	0.00508
scoring_system	epss
scoring_elements	0.66361
published_at	2026-04-24T12:55:00Z

value	0.00508
scoring_system	epss
scoring_elements	0.66338
published_at	2026-04-21T12:55:00Z

value	0.00508
scoring_system	epss
scoring_elements	0.66353
published_at	2026-04-18T12:55:00Z

value	0.00508
scoring_system	epss
scoring_elements	0.66337
published_at	2026-04-16T12:55:00Z

value	0.00508
scoring_system	epss
scoring_elements	0.66302
published_at	2026-04-13T12:55:00Z

value	0.00508
scoring_system	epss
scoring_elements	0.66333
published_at	2026-04-12T12:55:00Z

value	0.00508
scoring_system	epss
scoring_elements	0.66346
published_at	2026-04-11T12:55:00Z

value	0.00508
scoring_system	epss
scoring_elements	0.66265
published_at	2026-04-07T12:55:00Z

value	0.00508
scoring_system	epss
scoring_elements	0.66295
published_at	2026-04-04T12:55:00Z

value	0.00508
scoring_system	epss
scoring_elements	0.66313
published_at	2026-04-08T12:55:00Z

value	0.00508
scoring_system	epss
scoring_elements	0.66229
published_at	2026-04-01T12:55:00Z

value	0.00508
scoring_system	epss
scoring_elements	0.66326
published_at	2026-04-09T12:55:00Z

value	0.00508
scoring_system	epss
scoring_elements	0.66269
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-21693

reference_url

https://github.com/jenkinsci/jenkins

reference_id

reference_type

scores

value	9.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/jenkinsci/jenkins

reference_url

https://github.com/jenkinsci/jenkins/commit/104c751d907919dd53f5090f84d53c671a66457b

reference_id

reference_type

scores

value	9.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/jenkinsci/jenkins/commit/104c751d907919dd53f5090f84d53c671a66457b

reference_url

https://github.com/jenkinsci/jenkins/commit/5a245e42979abe4a26d41727c839521e36cedd74

reference_id

reference_type

scores

value	9.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/jenkinsci/jenkins/commit/5a245e42979abe4a26d41727c839521e36cedd74

reference_url

https://github.com/jenkinsci/jenkins/commit/63cde2daadc705edf086f2213b48c8c547f98358

reference_id

reference_type

scores

value	9.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/jenkinsci/jenkins/commit/63cde2daadc705edf086f2213b48c8c547f98358

reference_url

https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455

reference_id

reference_type

scores

value	9.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2020341
reference_id	2020341
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2020341

reference_url	https://security.archlinux.org/ASA-202111-1
reference_id	ASA-202111-1
reference_type
scores
url	https://security.archlinux.org/ASA-202111-1

reference_url

https://security.archlinux.org/AVG-2526

reference_id

AVG-2526

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-2526

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-21693

reference_id

CVE-2021-21693

reference_type

scores

value	9.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-21693

reference_url

https://github.com/advisories/GHSA-929w-q433-4h9x

reference_id

GHSA-929w-q433-4h9x

reference_type

scores

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-929w-q433-4h9x

reference_url	https://access.redhat.com/errata/RHSA-2021:4799
reference_id	RHSA-2021:4799
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:4799

reference_url	https://access.redhat.com/errata/RHSA-2021:4801
reference_id	RHSA-2021:4801
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:4801

reference_url	https://access.redhat.com/errata/RHSA-2021:4827
reference_id	RHSA-2021:4827
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:4827

reference_url	https://access.redhat.com/errata/RHSA-2021:4829
reference_id	RHSA-2021:4829
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:4829

reference_url	https://access.redhat.com/errata/RHSA-2021:4833
reference_id	RHSA-2021:4833
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:4833

fixed_packages

url pkg:maven/org.jenkins-ci.main/jenkins-core@2.303.3

purl pkg:maven/org.jenkins-ci.main/jenkins-core@2.303.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1kf2-8j67-7kg3

vulnerability	VCID-7w87-bm8n-bbbr

vulnerability	VCID-b4zg-38x9-23dn

vulnerability	VCID-fvza-3rhj-8kbp

vulnerability	VCID-h3nf-gwsr-5qf3

vulnerability	VCID-kf3a-yce1-auh4

vulnerability	VCID-nq1x-s9hz-a7fb

vulnerability	VCID-r3ry-745m-zuh1

vulnerability	VCID-r3v1-qkky-dqcq

vulnerability	VCID-remx-jas5-1bfm

vulnerability	VCID-wuvf-kdtu-tkc2

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.303.3

url	pkg:maven/org.jenkins-ci.main/jenkins-core@2.319
purl	pkg:maven/org.jenkins-ci.main/jenkins-core@2.319
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.319

aliases CVE-2021-21693, GHSA-929w-q433-4h9x

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wuvf-kdtu-tkc2

url VCID-zgtd-8mf6-ruc9

vulnerability_id VCID-zgtd-8mf6-ruc9

summary

Incomplete List of Disallowed Inputs
Jenkins allows any agent to read and write the contents of any build directory stored in Jenkins with very few restrictions.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-21697.json

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-21697.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-21697

reference_id

reference_type

scores

value	0.01461
scoring_system	epss
scoring_elements	0.8096
published_at	2026-05-07T12:55:00Z

value	0.01461
scoring_system	epss
scoring_elements	0.80817
published_at	2026-04-04T12:55:00Z

value	0.01461
scoring_system	epss
scoring_elements	0.80814
published_at	2026-04-07T12:55:00Z

value	0.01461
scoring_system	epss
scoring_elements	0.80841
published_at	2026-04-08T12:55:00Z

value	0.01461
scoring_system	epss
scoring_elements	0.80849
published_at	2026-04-09T12:55:00Z

value	0.01461
scoring_system	epss
scoring_elements	0.80865
published_at	2026-04-11T12:55:00Z

value	0.01461
scoring_system	epss
scoring_elements	0.80851
published_at	2026-04-12T12:55:00Z

value	0.01461
scoring_system	epss
scoring_elements	0.80843
published_at	2026-04-13T12:55:00Z

value	0.01461
scoring_system	epss
scoring_elements	0.8088
published_at	2026-04-16T12:55:00Z

value	0.01461
scoring_system	epss
scoring_elements	0.80882
published_at	2026-04-18T12:55:00Z

value	0.01461
scoring_system	epss
scoring_elements	0.80884
published_at	2026-04-21T12:55:00Z

value	0.01461
scoring_system	epss
scoring_elements	0.80905
published_at	2026-04-24T12:55:00Z

value	0.01461
scoring_system	epss
scoring_elements	0.80912
published_at	2026-04-26T12:55:00Z

value	0.01461
scoring_system	epss
scoring_elements	0.80923
published_at	2026-04-29T12:55:00Z

value	0.01461
scoring_system	epss
scoring_elements	0.80939
published_at	2026-05-05T12:55:00Z

value	0.01461
scoring_system	epss
scoring_elements	0.80787
published_at	2026-04-01T12:55:00Z

value	0.01461
scoring_system	epss
scoring_elements	0.80796
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-21697

reference_url

https://github.com/jenkinsci/jenkins

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/jenkinsci/jenkins

reference_url

https://github.com/jenkinsci/jenkins/commit/cf388d2a04e6016d23eb93fa3cc804f2554b98f0

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/jenkinsci/jenkins/commit/cf388d2a04e6016d23eb93fa3cc804f2554b98f0

reference_url

https://github.com/jenkinsci/jenkins/commit/eae33841b587da787f37d5b6c8451d483edc04d9

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/jenkinsci/jenkins/commit/eae33841b587da787f37d5b6c8451d483edc04d9

reference_url

https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2428

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2428

reference_url

http://www.openwall.com/lists/oss-security/2021/11/04/3

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2021/11/04/3

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2020345
reference_id	2020345
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2020345

reference_url	https://security.archlinux.org/ASA-202111-1
reference_id	ASA-202111-1
reference_type
scores
url	https://security.archlinux.org/ASA-202111-1

reference_url

https://security.archlinux.org/AVG-2526

reference_id

AVG-2526

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-2526

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-21697

reference_id

CVE-2021-21697

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-21697

reference_url

https://github.com/advisories/GHSA-cv2w-q8c3-xjv7

reference_id

GHSA-cv2w-q8c3-xjv7

reference_type

scores

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-cv2w-q8c3-xjv7

reference_url	https://access.redhat.com/errata/RHSA-2021:4799
reference_id	RHSA-2021:4799
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:4799

reference_url	https://access.redhat.com/errata/RHSA-2021:4801
reference_id	RHSA-2021:4801
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:4801

reference_url	https://access.redhat.com/errata/RHSA-2021:4827
reference_id	RHSA-2021:4827
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:4827

reference_url	https://access.redhat.com/errata/RHSA-2021:4829
reference_id	RHSA-2021:4829
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:4829

reference_url	https://access.redhat.com/errata/RHSA-2021:4833
reference_id	RHSA-2021:4833
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:4833

fixed_packages

url pkg:maven/org.jenkins-ci.main/jenkins-core@2.303.3

purl pkg:maven/org.jenkins-ci.main/jenkins-core@2.303.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1kf2-8j67-7kg3

vulnerability	VCID-7w87-bm8n-bbbr

vulnerability	VCID-b4zg-38x9-23dn

vulnerability	VCID-fvza-3rhj-8kbp

vulnerability	VCID-h3nf-gwsr-5qf3

vulnerability	VCID-kf3a-yce1-auh4

vulnerability	VCID-nq1x-s9hz-a7fb

vulnerability	VCID-r3ry-745m-zuh1

vulnerability	VCID-r3v1-qkky-dqcq

vulnerability	VCID-remx-jas5-1bfm

vulnerability	VCID-wuvf-kdtu-tkc2

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.303.3

url	pkg:maven/org.jenkins-ci.main/jenkins-core@2.319
purl	pkg:maven/org.jenkins-ci.main/jenkins-core@2.319
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.319

aliases CVE-2021-21697, GHSA-cv2w-q8c3-xjv7

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zgtd-8mf6-ruc9

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.319

Package Instance