{"url":"http://public2.vulnerablecode.io/api/packages/99830?format=json","purl":"pkg:rpm/redhat/jenkins@2.303.3.1637698110-1?arch=el7","type":"rpm","namespace":"redhat","name":"jenkins","version":"2.303.3.1637698110-1","qualifiers":{"arch":"el7"},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/11490?format=json","vulnerability_id":"VCID-1kf2-8j67-7kg3","summary":"Improper Link Resolution Before File Access ('Link Following')\nFile path filters in the agent-to-controller security subsystem of Jenkins do not canonicalize paths, allowing operations to follow symbolic links to outside allowed directories.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-21686.json","reference_id":"","reference_type":"","scores":[{"value":"9.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-21686.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-21686","reference_id":"","reference_type":"","scores":[{"value":"0.00506","scoring_system":"epss","scoring_elements":"0.66322","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00506","scoring_system":"epss","scoring_elements":"0.663","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00506","scoring_system":"epss","scoring_elements":"0.66285","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00506","scoring_system":"epss","scoring_elements":"0.66262","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00506","scoring_system":"epss","scoring_elements":"0.66278","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00506","scoring_system":"epss","scoring_elements":"0.66263","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00506","scoring_system":"epss","scoring_elements":"0.66228","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00506","scoring_system":"epss","scoring_elements":"0.66259","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00506","scoring_system":"epss","scoring_elements":"0.66272","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00506","scoring_system":"epss","scoring_elements":"0.66252","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00506","scoring_system":"epss","scoring_elements":"0.66221","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00506","scoring_system":"epss","scoring_elements":"0.66194","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00506","scoring_system":"epss","scoring_elements":"0.66191","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00506","scoring_system":"epss","scoring_elements":"0.66153","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00506","scoring_system":"epss","scoring_elements":"0.66239","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-21686"},{"reference_url":"https://github.com/jenkinsci/jenkins","reference_id":"","reference_type":"","scores":[{"value":"9.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/jenkins"},{"reference_url":"https://github.com/jenkinsci/jenkins/commit/104c751d907919dd53f5090f84d53c671a66457b","reference_id":"","reference_type":"","scores":[{"value":"9.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/jenkins/commit/104c751d907919dd53f5090f84d53c671a66457b"},{"reference_url":"https://github.com/jenkinsci/jenkins/commit/5a245e42979abe4a26d41727c839521e36cedd74","reference_id":"","reference_type":"","scores":[{"value":"9.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/jenkins/commit/5a245e42979abe4a26d41727c839521e36cedd74"},{"reference_url":"https://github.com/jenkinsci/jenkins/commit/63cde2daadc705edf086f2213b48c8c547f98358","reference_id":"","reference_type":"","scores":[{"value":"9.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/jenkins/commit/63cde2daadc705edf086f2213b48c8c547f98358"},{"reference_url":"https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455","reference_id":"","reference_type":"","scores":[{"value":"9.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2020323","reference_id":"2020323","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2020323"},{"reference_url":"https://security.archlinux.org/ASA-202111-1","reference_id":"ASA-202111-1","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202111-1"},{"reference_url":"https://security.archlinux.org/AVG-2526","reference_id":"AVG-2526","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2526"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-21686","reference_id":"CVE-2021-21686","reference_type":"","scores":[{"value":"9.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-21686"},{"reference_url":"https://github.com/advisories/GHSA-4g38-hrm4-rg94","reference_id":"GHSA-4g38-hrm4-rg94","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-4g38-hrm4-rg94"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4799","reference_id":"RHSA-2021:4799","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4799"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4801","reference_id":"RHSA-2021:4801","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4801"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4827","reference_id":"RHSA-2021:4827","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4827"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4829","reference_id":"RHSA-2021:4829","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4829"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4833","reference_id":"RHSA-2021:4833","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4833"}],"fixed_packages":[],"aliases":["CVE-2021-21686","GHSA-4g38-hrm4-rg94"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1kf2-8j67-7kg3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/11486?format=json","vulnerability_id":"VCID-53km-desw-w7d6","summary":"Protection Mechanism Failure\nJenkins does not limit agent read/write access to the libs/ directory inside build directories when using the FilePath APIs, allowing attackers in control of agent processes to replace the code of a trusted library with a modified variant. This results in unsandboxed code execution in the Jenkins controller process.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-21696.json","reference_id":"","reference_type":"","scores":[{"value":"9.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-21696.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-21696","reference_id":"","reference_type":"","scores":[{"value":"0.00954","scoring_system":"epss","scoring_elements":"0.76516","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00954","scoring_system":"epss","scoring_elements":"0.76403","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00954","scoring_system":"epss","scoring_elements":"0.76418","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00954","scoring_system":"epss","scoring_elements":"0.76443","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00954","scoring_system":"epss","scoring_elements":"0.76421","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00954","scoring_system":"epss","scoring_elements":"0.76416","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00954","scoring_system":"epss","scoring_elements":"0.76457","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00954","scoring_system":"epss","scoring_elements":"0.76461","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00954","scoring_system":"epss","scoring_elements":"0.76447","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00954","scoring_system":"epss","scoring_elements":"0.76481","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00954","scoring_system":"epss","scoring_elements":"0.76488","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00954","scoring_system":"epss","scoring_elements":"0.765","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00954","scoring_system":"epss","scoring_elements":"0.76487","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00954","scoring_system":"epss","scoring_elements":"0.76356","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00954","scoring_system":"epss","scoring_elements":"0.76359","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00954","scoring_system":"epss","scoring_elements":"0.76389","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00954","scoring_system":"epss","scoring_elements":"0.76371","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-21696"},{"reference_url":"https://github.com/jenkinsci/jenkins","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/jenkins"},{"reference_url":"https://github.com/jenkinsci/jenkins/commit/93451e20c20cfd84badeb0f37c38d4c0c7a5dad3","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/jenkins/commit/93451e20c20cfd84badeb0f37c38d4c0c7a5dad3"},{"reference_url":"https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2423","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2423"},{"reference_url":"http://www.openwall.com/lists/oss-security/2021/11/04/3","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2021/11/04/3"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2020344","reference_id":"2020344","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2020344"},{"reference_url":"https://security.archlinux.org/ASA-202111-1","reference_id":"ASA-202111-1","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202111-1"},{"reference_url":"https://security.archlinux.org/AVG-2526","reference_id":"AVG-2526","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2526"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-21696","reference_id":"CVE-2021-21696","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-21696"},{"reference_url":"https://github.com/advisories/GHSA-c5r9-rx53-q3gf","reference_id":"GHSA-c5r9-rx53-q3gf","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-c5r9-rx53-q3gf"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4799","reference_id":"RHSA-2021:4799","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4799"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4801","reference_id":"RHSA-2021:4801","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4801"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4827","reference_id":"RHSA-2021:4827","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4827"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4829","reference_id":"RHSA-2021:4829","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4829"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4833","reference_id":"RHSA-2021:4833","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4833"}],"fixed_packages":[],"aliases":["CVE-2021-21696","GHSA-c5r9-rx53-q3gf"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-53km-desw-w7d6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/11497?format=json","vulnerability_id":"VCID-7w87-bm8n-bbbr","summary":"Missing Authorization\nThe agent-to-controller security check FilePath#reading(FileVisitor) in Jenkins does not reject any operations, allowing users to have unrestricted read access using certain operations (creating archives, FilePath#copyRecursiveTo).","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-21688.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-21688.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-21688","reference_id":"","reference_type":"","scores":[{"value":"0.00352","scoring_system":"epss","scoring_elements":"0.57578","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00352","scoring_system":"epss","scoring_elements":"0.57532","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00352","scoring_system":"epss","scoring_elements":"0.57576","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00352","scoring_system":"epss","scoring_elements":"0.57597","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00352","scoring_system":"epss","scoring_elements":"0.57577","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00352","scoring_system":"epss","scoring_elements":"0.57618","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00352","scoring_system":"epss","scoring_elements":"0.57644","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00352","scoring_system":"epss","scoring_elements":"0.57614","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00352","scoring_system":"epss","scoring_elements":"0.57635","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00352","scoring_system":"epss","scoring_elements":"0.57655","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00352","scoring_system":"epss","scoring_elements":"0.57636","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00352","scoring_system":"epss","scoring_elements":"0.57608","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00352","scoring_system":"epss","scoring_elements":"0.57582","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00352","scoring_system":"epss","scoring_elements":"0.57503","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00352","scoring_system":"epss","scoring_elements":"0.5764","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00352","scoring_system":"epss","scoring_elements":"0.57586","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-21688"},{"reference_url":"https://github.com/jenkinsci/jenkins","reference_id":"","reference_type":"","scores":[{"value":"9.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/jenkins"},{"reference_url":"https://github.com/jenkinsci/jenkins/commit/104c751d907919dd53f5090f84d53c671a66457b","reference_id":"","reference_type":"","scores":[{"value":"9.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/jenkins/commit/104c751d907919dd53f5090f84d53c671a66457b"},{"reference_url":"https://github.com/jenkinsci/jenkins/commit/5a245e42979abe4a26d41727c839521e36cedd74","reference_id":"","reference_type":"","scores":[{"value":"9.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/jenkins/commit/5a245e42979abe4a26d41727c839521e36cedd74"},{"reference_url":"https://github.com/jenkinsci/jenkins/commit/63cde2daadc705edf086f2213b48c8c547f98358","reference_id":"","reference_type":"","scores":[{"value":"9.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/jenkins/commit/63cde2daadc705edf086f2213b48c8c547f98358"},{"reference_url":"https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455","reference_id":"","reference_type":"","scores":[{"value":"9.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2020327","reference_id":"2020327","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2020327"},{"reference_url":"https://security.archlinux.org/ASA-202111-1","reference_id":"ASA-202111-1","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202111-1"},{"reference_url":"https://security.archlinux.org/AVG-2526","reference_id":"AVG-2526","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2526"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-21688","reference_id":"CVE-2021-21688","reference_type":"","scores":[{"value":"9.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-21688"},{"reference_url":"https://github.com/advisories/GHSA-m9hr-259f-2v23","reference_id":"GHSA-m9hr-259f-2v23","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-m9hr-259f-2v23"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4799","reference_id":"RHSA-2021:4799","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4799"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4801","reference_id":"RHSA-2021:4801","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4801"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4827","reference_id":"RHSA-2021:4827","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4827"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4829","reference_id":"RHSA-2021:4829","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4829"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4833","reference_id":"RHSA-2021:4833","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4833"}],"fixed_packages":[],"aliases":["CVE-2021-21688","GHSA-m9hr-259f-2v23"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7w87-bm8n-bbbr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/11491?format=json","vulnerability_id":"VCID-b4zg-38x9-23dn","summary":"Missing Authorization\nJenkins does not check agent-to-controller access to create symbolic links when unarchiving a symbolic link in FilePath#untar.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-21687.json","reference_id":"","reference_type":"","scores":[{"value":"9.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-21687.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-21687","reference_id":"","reference_type":"","scores":[{"value":"0.00271","scoring_system":"epss","scoring_elements":"0.50515","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00271","scoring_system":"epss","scoring_elements":"0.50605","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00271","scoring_system":"epss","scoring_elements":"0.50646","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00271","scoring_system":"epss","scoring_elements":"0.50652","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00271","scoring_system":"epss","scoring_elements":"0.50631","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00271","scoring_system":"epss","scoring_elements":"0.50579","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00271","scoring_system":"epss","scoring_elements":"0.50587","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00271","scoring_system":"epss","scoring_elements":"0.50542","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00271","scoring_system":"epss","scoring_elements":"0.50462","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00271","scoring_system":"epss","scoring_elements":"0.50511","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00271","scoring_system":"epss","scoring_elements":"0.50568","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00271","scoring_system":"epss","scoring_elements":"0.50596","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00271","scoring_system":"epss","scoring_elements":"0.50548","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00271","scoring_system":"epss","scoring_elements":"0.50603","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00271","scoring_system":"epss","scoring_elements":"0.506","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00271","scoring_system":"epss","scoring_elements":"0.50642","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00271","scoring_system":"epss","scoring_elements":"0.50619","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-21687"},{"reference_url":"https://github.com/jenkinsci/jenkins","reference_id":"","reference_type":"","scores":[{"value":"9.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/jenkins"},{"reference_url":"https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455","reference_id":"","reference_type":"","scores":[{"value":"9.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2020324","reference_id":"2020324","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2020324"},{"reference_url":"https://security.archlinux.org/ASA-202111-1","reference_id":"ASA-202111-1","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202111-1"},{"reference_url":"https://security.archlinux.org/AVG-2526","reference_id":"AVG-2526","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2526"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-21687","reference_id":"CVE-2021-21687","reference_type":"","scores":[{"value":"9.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-21687"},{"reference_url":"https://github.com/advisories/GHSA-3q84-vrvx-rfvf","reference_id":"GHSA-3q84-vrvx-rfvf","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-3q84-vrvx-rfvf"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4799","reference_id":"RHSA-2021:4799","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4799"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4801","reference_id":"RHSA-2021:4801","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4801"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4827","reference_id":"RHSA-2021:4827","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4827"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4829","reference_id":"RHSA-2021:4829","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4829"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4833","reference_id":"RHSA-2021:4833","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4833"}],"fixed_packages":[],"aliases":["CVE-2021-21687","GHSA-3q84-vrvx-rfvf"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-b4zg-38x9-23dn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/11499?format=json","vulnerability_id":"VCID-fvza-3rhj-8kbp","summary":"Protection Mechanism Failure\nAgent processes are able to completely bypass file path filtering by wrapping the file operation in an agent file path in Jenkins.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-21690.json","reference_id":"","reference_type":"","scores":[{"value":"9.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-21690.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-21690","reference_id":"","reference_type":"","scores":[{"value":"0.00504","scoring_system":"epss","scoring_elements":"0.66242","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00504","scoring_system":"epss","scoring_elements":"0.66146","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00504","scoring_system":"epss","scoring_elements":"0.66115","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00504","scoring_system":"epss","scoring_elements":"0.66163","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00504","scoring_system":"epss","scoring_elements":"0.66177","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00504","scoring_system":"epss","scoring_elements":"0.66196","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00504","scoring_system":"epss","scoring_elements":"0.66183","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00504","scoring_system":"epss","scoring_elements":"0.66152","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00504","scoring_system":"epss","scoring_elements":"0.66187","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00504","scoring_system":"epss","scoring_elements":"0.662","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00504","scoring_system":"epss","scoring_elements":"0.66185","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00504","scoring_system":"epss","scoring_elements":"0.66207","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00504","scoring_system":"epss","scoring_elements":"0.6622","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00504","scoring_system":"epss","scoring_elements":"0.66219","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00504","scoring_system":"epss","scoring_elements":"0.66198","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00504","scoring_system":"epss","scoring_elements":"0.66078","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00504","scoring_system":"epss","scoring_elements":"0.66119","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-21690"},{"reference_url":"https://github.com/jenkinsci/jenkins/commit/104c751d907919dd53f5090f84d53c671a66457b","reference_id":"","reference_type":"","scores":[{"value":"9.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/jenkins/commit/104c751d907919dd53f5090f84d53c671a66457b"},{"reference_url":"https://github.com/jenkinsci/jenkins/commit/5a245e42979abe4a26d41727c839521e36cedd74","reference_id":"","reference_type":"","scores":[{"value":"9.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/jenkins/commit/5a245e42979abe4a26d41727c839521e36cedd74"},{"reference_url":"https://github.com/jenkinsci/jenkins/commit/63cde2daadc705edf086f2213b48c8c547f98358","reference_id":"","reference_type":"","scores":[{"value":"9.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/jenkins/commit/63cde2daadc705edf086f2213b48c8c547f98358"},{"reference_url":"https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455","reference_id":"","reference_type":"","scores":[{"value":"9.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2020336","reference_id":"2020336","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2020336"},{"reference_url":"https://security.archlinux.org/ASA-202111-1","reference_id":"ASA-202111-1","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202111-1"},{"reference_url":"https://security.archlinux.org/AVG-2526","reference_id":"AVG-2526","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2526"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-21690","reference_id":"CVE-2021-21690","reference_type":"","scores":[{"value":"9.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-21690"},{"reference_url":"https://github.com/advisories/GHSA-97c3-w9cr-6qc2","reference_id":"GHSA-97c3-w9cr-6qc2","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-97c3-w9cr-6qc2"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4799","reference_id":"RHSA-2021:4799","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4799"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4801","reference_id":"RHSA-2021:4801","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4801"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4827","reference_id":"RHSA-2021:4827","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4827"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4829","reference_id":"RHSA-2021:4829","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4829"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4833","reference_id":"RHSA-2021:4833","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4833"}],"fixed_packages":[],"aliases":["CVE-2021-21690","GHSA-97c3-w9cr-6qc2"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fvza-3rhj-8kbp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/11500?format=json","vulnerability_id":"VCID-h3nf-gwsr-5qf3","summary":"Missing Authorization\nFile operations do not check any permissions in Jenkins.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-21694.json","reference_id":"","reference_type":"","scores":[{"value":"9.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-21694.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-21694","reference_id":"","reference_type":"","scores":[{"value":"0.00291","scoring_system":"epss","scoring_elements":"0.52473","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00291","scoring_system":"epss","scoring_elements":"0.52514","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00291","scoring_system":"epss","scoring_elements":"0.52508","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00291","scoring_system":"epss","scoring_elements":"0.52559","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00291","scoring_system":"epss","scoring_elements":"0.52542","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00291","scoring_system":"epss","scoring_elements":"0.52527","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00291","scoring_system":"epss","scoring_elements":"0.52566","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00291","scoring_system":"epss","scoring_elements":"0.52572","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00291","scoring_system":"epss","scoring_elements":"0.52557","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00291","scoring_system":"epss","scoring_elements":"0.52507","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00291","scoring_system":"epss","scoring_elements":"0.52517","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00291","scoring_system":"epss","scoring_elements":"0.52479","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00291","scoring_system":"epss","scoring_elements":"0.5242","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00291","scoring_system":"epss","scoring_elements":"0.52421","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00291","scoring_system":"epss","scoring_elements":"0.52467","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00291","scoring_system":"epss","scoring_elements":"0.52495","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00291","scoring_system":"epss","scoring_elements":"0.52461","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-21694"},{"reference_url":"https://github.com/jenkinsci/jenkins/commit/104c751d907919dd53f5090f84d53c671a66457b","reference_id":"","reference_type":"","scores":[{"value":"9.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/jenkins/commit/104c751d907919dd53f5090f84d53c671a66457b"},{"reference_url":"https://github.com/jenkinsci/jenkins/commit/5a245e42979abe4a26d41727c839521e36cedd74","reference_id":"","reference_type":"","scores":[{"value":"9.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/jenkins/commit/5a245e42979abe4a26d41727c839521e36cedd74"},{"reference_url":"https://github.com/jenkinsci/jenkins/commit/63cde2daadc705edf086f2213b48c8c547f98358","reference_id":"","reference_type":"","scores":[{"value":"9.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/jenkins/commit/63cde2daadc705edf086f2213b48c8c547f98358"},{"reference_url":"https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455","reference_id":"","reference_type":"","scores":[{"value":"9.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2020342","reference_id":"2020342","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2020342"},{"reference_url":"https://security.archlinux.org/ASA-202111-1","reference_id":"ASA-202111-1","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202111-1"},{"reference_url":"https://security.archlinux.org/AVG-2526","reference_id":"AVG-2526","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2526"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-21694","reference_id":"CVE-2021-21694","reference_type":"","scores":[{"value":"9.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-21694"},{"reference_url":"https://github.com/advisories/GHSA-pgj6-jmj5-wqfx","reference_id":"GHSA-pgj6-jmj5-wqfx","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-pgj6-jmj5-wqfx"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4799","reference_id":"RHSA-2021:4799","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4799"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4801","reference_id":"RHSA-2021:4801","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4801"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4827","reference_id":"RHSA-2021:4827","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4827"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4829","reference_id":"RHSA-2021:4829","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4829"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4833","reference_id":"RHSA-2021:4833","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4833"}],"fixed_packages":[],"aliases":["CVE-2021-21694","GHSA-pgj6-jmj5-wqfx"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-h3nf-gwsr-5qf3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/11502?format=json","vulnerability_id":"VCID-kf3a-yce1-auh4","summary":"Incorrect Authorization\nCreating symbolic links is possible without the 'symlink' agent-to-controller access control permission in Jenkins.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-21691.json","reference_id":"","reference_type":"","scores":[{"value":"9.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-21691.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-21691","reference_id":"","reference_type":"","scores":[{"value":"0.00637","scoring_system":"epss","scoring_elements":"0.70576","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00637","scoring_system":"epss","scoring_elements":"0.70479","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00637","scoring_system":"epss","scoring_elements":"0.70503","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00637","scoring_system":"epss","scoring_elements":"0.70488","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00637","scoring_system":"epss","scoring_elements":"0.70474","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00637","scoring_system":"epss","scoring_elements":"0.70516","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00637","scoring_system":"epss","scoring_elements":"0.70524","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00637","scoring_system":"epss","scoring_elements":"0.70504","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00637","scoring_system":"epss","scoring_elements":"0.70554","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00637","scoring_system":"epss","scoring_elements":"0.70563","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00637","scoring_system":"epss","scoring_elements":"0.70536","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00637","scoring_system":"epss","scoring_elements":"0.70409","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00637","scoring_system":"epss","scoring_elements":"0.70422","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00637","scoring_system":"epss","scoring_elements":"0.7044","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00637","scoring_system":"epss","scoring_elements":"0.70418","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00637","scoring_system":"epss","scoring_elements":"0.70463","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-21691"},{"reference_url":"https://github.com/jenkinsci/jenkins","reference_id":"","reference_type":"","scores":[{"value":"9.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/jenkins"},{"reference_url":"https://github.com/jenkinsci/jenkins/commit/63cde2daadc705edf086f2213b48c8c547f98358","reference_id":"","reference_type":"","scores":[{"value":"9.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/jenkins/commit/63cde2daadc705edf086f2213b48c8c547f98358"},{"reference_url":"https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455","reference_id":"","reference_type":"","scores":[{"value":"9.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2020338","reference_id":"2020338","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2020338"},{"reference_url":"https://security.archlinux.org/ASA-202111-1","reference_id":"ASA-202111-1","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202111-1"},{"reference_url":"https://security.archlinux.org/AVG-2526","reference_id":"AVG-2526","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2526"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-21691","reference_id":"CVE-2021-21691","reference_type":"","scores":[{"value":"9.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-21691"},{"reference_url":"https://github.com/advisories/GHSA-2c79-h2h5-g3fw","reference_id":"GHSA-2c79-h2h5-g3fw","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-2c79-h2h5-g3fw"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4799","reference_id":"RHSA-2021:4799","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4799"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4801","reference_id":"RHSA-2021:4801","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4801"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4827","reference_id":"RHSA-2021:4827","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4827"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4829","reference_id":"RHSA-2021:4829","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4829"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4833","reference_id":"RHSA-2021:4833","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4833"}],"fixed_packages":[],"aliases":["CVE-2021-21691","GHSA-2c79-h2h5-g3fw"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kf3a-yce1-auh4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/11489?format=json","vulnerability_id":"VCID-nq1x-s9hz-a7fb","summary":"Missing Authorization\nFilePath#listFiles lists files outside directories that agents are allowed to access when following symbolic links in Jenkins.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-21695.json","reference_id":"","reference_type":"","scores":[{"value":"9.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-21695.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-21695","reference_id":"","reference_type":"","scores":[{"value":"0.00528","scoring_system":"epss","scoring_elements":"0.67229","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00528","scoring_system":"epss","scoring_elements":"0.67119","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00528","scoring_system":"epss","scoring_elements":"0.67169","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00528","scoring_system":"epss","scoring_elements":"0.67182","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00528","scoring_system":"epss","scoring_elements":"0.67202","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00528","scoring_system":"epss","scoring_elements":"0.67188","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00528","scoring_system":"epss","scoring_elements":"0.67157","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00528","scoring_system":"epss","scoring_elements":"0.67193","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00528","scoring_system":"epss","scoring_elements":"0.67205","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00528","scoring_system":"epss","scoring_elements":"0.67186","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00528","scoring_system":"epss","scoring_elements":"0.67206","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00528","scoring_system":"epss","scoring_elements":"0.67218","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00528","scoring_system":"epss","scoring_elements":"0.67219","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00528","scoring_system":"epss","scoring_elements":"0.67084","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00528","scoring_system":"epss","scoring_elements":"0.67121","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00528","scoring_system":"epss","scoring_elements":"0.67145","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-21695"},{"reference_url":"https://github.com/jenkinsci/jenkins","reference_id":"","reference_type":"","scores":[{"value":"9.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/jenkins"},{"reference_url":"https://github.com/jenkinsci/jenkins/commit/63cde2daadc705edf086f2213b48c8c547f98358","reference_id":"","reference_type":"","scores":[{"value":"9.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/jenkins/commit/63cde2daadc705edf086f2213b48c8c547f98358"},{"reference_url":"https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455","reference_id":"","reference_type":"","scores":[{"value":"9.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455"},{"reference_url":"http://www.openwall.com/lists/oss-security/2021/11/04/3","reference_id":"","reference_type":"","scores":[{"value":"9.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2021/11/04/3"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2020343","reference_id":"2020343","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2020343"},{"reference_url":"https://security.archlinux.org/ASA-202111-1","reference_id":"ASA-202111-1","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202111-1"},{"reference_url":"https://security.archlinux.org/AVG-2526","reference_id":"AVG-2526","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2526"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-21695","reference_id":"CVE-2021-21695","reference_type":"","scores":[{"value":"9.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-21695"},{"reference_url":"https://github.com/advisories/GHSA-cvvm-4cr9-r436","reference_id":"GHSA-cvvm-4cr9-r436","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-cvvm-4cr9-r436"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4799","reference_id":"RHSA-2021:4799","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4799"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4801","reference_id":"RHSA-2021:4801","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4801"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4827","reference_id":"RHSA-2021:4827","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4827"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4829","reference_id":"RHSA-2021:4829","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4829"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4833","reference_id":"RHSA-2021:4833","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4833"}],"fixed_packages":[],"aliases":["CVE-2021-21695","GHSA-cvvm-4cr9-r436"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nq1x-s9hz-a7fb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/11484?format=json","vulnerability_id":"VCID-r3ry-745m-zuh1","summary":"Missing Authorization\nFilePath#unzip and FilePath#untar were not subject to any agent-to-controller access control in Jenkins.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-21689.json","reference_id":"","reference_type":"","scores":[{"value":"9.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-21689.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-21689","reference_id":"","reference_type":"","scores":[{"value":"0.01456","scoring_system":"epss","scoring_elements":"0.8093","published_at":"2026-05-07T12:55:00Z"},{"value":"0.01456","scoring_system":"epss","scoring_elements":"0.80909","published_at":"2026-05-05T12:55:00Z"},{"value":"0.01456","scoring_system":"epss","scoring_elements":"0.80892","published_at":"2026-04-29T12:55:00Z"},{"value":"0.01456","scoring_system":"epss","scoring_elements":"0.8088","published_at":"2026-04-26T12:55:00Z"},{"value":"0.01456","scoring_system":"epss","scoring_elements":"0.80874","published_at":"2026-04-24T12:55:00Z"},{"value":"0.01456","scoring_system":"epss","scoring_elements":"0.80852","published_at":"2026-04-21T12:55:00Z"},{"value":"0.01456","scoring_system":"epss","scoring_elements":"0.80849","published_at":"2026-04-16T12:55:00Z"},{"value":"0.01456","scoring_system":"epss","scoring_elements":"0.80812","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01456","scoring_system":"epss","scoring_elements":"0.8082","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01456","scoring_system":"epss","scoring_elements":"0.80835","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01456","scoring_system":"epss","scoring_elements":"0.80782","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01456","scoring_system":"epss","scoring_elements":"0.80785","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01456","scoring_system":"epss","scoring_elements":"0.8081","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01456","scoring_system":"epss","scoring_elements":"0.80756","published_at":"2026-04-01T12:55:00Z"},{"value":"0.01456","scoring_system":"epss","scoring_elements":"0.80818","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01456","scoring_system":"epss","scoring_elements":"0.80765","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-21689"},{"reference_url":"https://github.com/jenkinsci/jenkins","reference_id":"","reference_type":"","scores":[{"value":"9.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/jenkins"},{"reference_url":"https://github.com/jenkinsci/jenkins/commit/104c751d907919dd53f5090f84d53c671a66457b","reference_id":"","reference_type":"","scores":[{"value":"9.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/jenkins/commit/104c751d907919dd53f5090f84d53c671a66457b"},{"reference_url":"https://github.com/jenkinsci/jenkins/commit/5a245e42979abe4a26d41727c839521e36cedd74","reference_id":"","reference_type":"","scores":[{"value":"9.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/jenkins/commit/5a245e42979abe4a26d41727c839521e36cedd74"},{"reference_url":"https://github.com/jenkinsci/jenkins/commit/63cde2daadc705edf086f2213b48c8c547f98358","reference_id":"","reference_type":"","scores":[{"value":"9.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/jenkins/commit/63cde2daadc705edf086f2213b48c8c547f98358"},{"reference_url":"https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455","reference_id":"","reference_type":"","scores":[{"value":"9.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2020335","reference_id":"2020335","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2020335"},{"reference_url":"https://security.archlinux.org/ASA-202111-1","reference_id":"ASA-202111-1","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202111-1"},{"reference_url":"https://security.archlinux.org/AVG-2526","reference_id":"AVG-2526","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2526"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-21689","reference_id":"CVE-2021-21689","reference_type":"","scores":[{"value":"9.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-21689"},{"reference_url":"https://github.com/advisories/GHSA-j3cq-h6vh-gx7f","reference_id":"GHSA-j3cq-h6vh-gx7f","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-j3cq-h6vh-gx7f"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4799","reference_id":"RHSA-2021:4799","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4799"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4801","reference_id":"RHSA-2021:4801","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4801"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4827","reference_id":"RHSA-2021:4827","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4827"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4829","reference_id":"RHSA-2021:4829","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4829"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4833","reference_id":"RHSA-2021:4833","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4833"}],"fixed_packages":[],"aliases":["CVE-2021-21689","GHSA-j3cq-h6vh-gx7f"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-r3ry-745m-zuh1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/11483?format=json","vulnerability_id":"VCID-r3v1-qkky-dqcq","summary":"Missing Authorization\nJenkins does not check agent-to-controller access to create parent directories in FilePath#mkdirs.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-21685.json","reference_id":"","reference_type":"","scores":[{"value":"9.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-21685.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-21685","reference_id":"","reference_type":"","scores":[{"value":"0.00197","scoring_system":"epss","scoring_elements":"0.41463","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00197","scoring_system":"epss","scoring_elements":"0.41689","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00197","scoring_system":"epss","scoring_elements":"0.41754","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00197","scoring_system":"epss","scoring_elements":"0.41782","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00197","scoring_system":"epss","scoring_elements":"0.41709","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00197","scoring_system":"epss","scoring_elements":"0.41759","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00197","scoring_system":"epss","scoring_elements":"0.41768","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00197","scoring_system":"epss","scoring_elements":"0.41791","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00197","scoring_system":"epss","scoring_elements":"0.41758","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00197","scoring_system":"epss","scoring_elements":"0.41744","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00197","scoring_system":"epss","scoring_elements":"0.41765","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00197","scoring_system":"epss","scoring_elements":"0.4169","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00197","scoring_system":"epss","scoring_elements":"0.41616","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00197","scoring_system":"epss","scoring_elements":"0.41614","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00197","scoring_system":"epss","scoring_elements":"0.41536","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00197","scoring_system":"epss","scoring_elements":"0.41394","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-21685"},{"reference_url":"https://github.com/jenkinsci/jenkins","reference_id":"","reference_type":"","scores":[{"value":"9.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/jenkins"},{"reference_url":"https://github.com/jenkinsci/jenkins/commit/104c751d907919dd53f5090f84d53c671a66457b","reference_id":"","reference_type":"","scores":[{"value":"9.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/jenkins/commit/104c751d907919dd53f5090f84d53c671a66457b"},{"reference_url":"https://github.com/jenkinsci/jenkins/commit/5a245e42979abe4a26d41727c839521e36cedd74","reference_id":"","reference_type":"","scores":[{"value":"9.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/jenkins/commit/5a245e42979abe4a26d41727c839521e36cedd74"},{"reference_url":"https://github.com/jenkinsci/jenkins/commit/63cde2daadc705edf086f2213b48c8c547f98358","reference_id":"","reference_type":"","scores":[{"value":"9.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/jenkins/commit/63cde2daadc705edf086f2213b48c8c547f98358"},{"reference_url":"https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455","reference_id":"","reference_type":"","scores":[{"value":"9.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455"},{"reference_url":"http://www.openwall.com/lists/oss-security/2021/11/04/3","reference_id":"","reference_type":"","scores":[{"value":"9.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2021/11/04/3"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2020322","reference_id":"2020322","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2020322"},{"reference_url":"https://security.archlinux.org/ASA-202111-1","reference_id":"ASA-202111-1","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202111-1"},{"reference_url":"https://security.archlinux.org/AVG-2526","reference_id":"AVG-2526","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2526"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-21685","reference_id":"CVE-2021-21685","reference_type":"","scores":[{"value":"9.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-21685"},{"reference_url":"https://github.com/advisories/GHSA-58xm-mxjf-254g","reference_id":"GHSA-58xm-mxjf-254g","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-58xm-mxjf-254g"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4799","reference_id":"RHSA-2021:4799","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4799"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4801","reference_id":"RHSA-2021:4801","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4801"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4827","reference_id":"RHSA-2021:4827","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4827"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4829","reference_id":"RHSA-2021:4829","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4829"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4833","reference_id":"RHSA-2021:4833","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4833"}],"fixed_packages":[],"aliases":["CVE-2021-21685","GHSA-58xm-mxjf-254g"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-r3v1-qkky-dqcq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/11493?format=json","vulnerability_id":"VCID-remx-jas5-1bfm","summary":"Incorrect Authorization\nFilePath#renameTo and FilePath#moveAllChildrenTo in Jenkins only check 'read' agent-to-controller access permission on the source path, instead of 'delete'.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-21692.json","reference_id":"","reference_type":"","scores":[{"value":"9.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-21692.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-21692","reference_id":"","reference_type":"","scores":[{"value":"0.00647","scoring_system":"epss","scoring_elements":"0.70862","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00647","scoring_system":"epss","scoring_elements":"0.7072","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00647","scoring_system":"epss","scoring_elements":"0.70697","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00647","scoring_system":"epss","scoring_elements":"0.70742","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00647","scoring_system":"epss","scoring_elements":"0.70758","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00647","scoring_system":"epss","scoring_elements":"0.70781","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00647","scoring_system":"epss","scoring_elements":"0.70764","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00647","scoring_system":"epss","scoring_elements":"0.70748","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00647","scoring_system":"epss","scoring_elements":"0.70793","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00647","scoring_system":"epss","scoring_elements":"0.708","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00647","scoring_system":"epss","scoring_elements":"0.70778","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00647","scoring_system":"epss","scoring_elements":"0.70831","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00647","scoring_system":"epss","scoring_elements":"0.70841","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00647","scoring_system":"epss","scoring_elements":"0.7084","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00647","scoring_system":"epss","scoring_elements":"0.70822","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00647","scoring_system":"epss","scoring_elements":"0.70687","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00647","scoring_system":"epss","scoring_elements":"0.70702","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-21692"},{"reference_url":"https://github.com/jenkinsci/jenkins","reference_id":"","reference_type":"","scores":[{"value":"9.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/jenkins"},{"reference_url":"https://github.com/jenkinsci/jenkins/commit/104c751d907919dd53f5090f84d53c671a66457b","reference_id":"","reference_type":"","scores":[{"value":"9.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/jenkins/commit/104c751d907919dd53f5090f84d53c671a66457b"},{"reference_url":"https://github.com/jenkinsci/jenkins/commit/5a245e42979abe4a26d41727c839521e36cedd74","reference_id":"","reference_type":"","scores":[{"value":"9.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/jenkins/commit/5a245e42979abe4a26d41727c839521e36cedd74"},{"reference_url":"https://github.com/jenkinsci/jenkins/commit/63cde2daadc705edf086f2213b48c8c547f98358","reference_id":"","reference_type":"","scores":[{"value":"9.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/jenkins/commit/63cde2daadc705edf086f2213b48c8c547f98358"},{"reference_url":"https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455","reference_id":"","reference_type":"","scores":[{"value":"9.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2020339","reference_id":"2020339","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2020339"},{"reference_url":"https://security.archlinux.org/ASA-202111-1","reference_id":"ASA-202111-1","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202111-1"},{"reference_url":"https://security.archlinux.org/AVG-2526","reference_id":"AVG-2526","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2526"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-21692","reference_id":"CVE-2021-21692","reference_type":"","scores":[{"value":"9.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-21692"},{"reference_url":"https://github.com/advisories/GHSA-8xg4-xq2v-v6j7","reference_id":"GHSA-8xg4-xq2v-v6j7","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-8xg4-xq2v-v6j7"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4799","reference_id":"RHSA-2021:4799","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4799"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4801","reference_id":"RHSA-2021:4801","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4801"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4827","reference_id":"RHSA-2021:4827","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4827"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4829","reference_id":"RHSA-2021:4829","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4829"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4833","reference_id":"RHSA-2021:4833","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4833"}],"fixed_packages":[],"aliases":["CVE-2021-21692","GHSA-8xg4-xq2v-v6j7"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-remx-jas5-1bfm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/11488?format=json","vulnerability_id":"VCID-wuvf-kdtu-tkc2","summary":"Improper Authorization\nWhen creating temporary files, agent-to-controller access to create those files is only checked after they've been created in Jenkins.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-21693.json","reference_id":"","reference_type":"","scores":[{"value":"9.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-21693.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-21693","reference_id":"","reference_type":"","scores":[{"value":"0.00508","scoring_system":"epss","scoring_elements":"0.66396","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00508","scoring_system":"epss","scoring_elements":"0.66352","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00508","scoring_system":"epss","scoring_elements":"0.66376","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00508","scoring_system":"epss","scoring_elements":"0.66361","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00508","scoring_system":"epss","scoring_elements":"0.66338","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00508","scoring_system":"epss","scoring_elements":"0.66353","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00508","scoring_system":"epss","scoring_elements":"0.66337","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00508","scoring_system":"epss","scoring_elements":"0.66302","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00508","scoring_system":"epss","scoring_elements":"0.66333","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00508","scoring_system":"epss","scoring_elements":"0.66346","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00508","scoring_system":"epss","scoring_elements":"0.66265","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00508","scoring_system":"epss","scoring_elements":"0.66295","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00508","scoring_system":"epss","scoring_elements":"0.66313","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00508","scoring_system":"epss","scoring_elements":"0.66229","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00508","scoring_system":"epss","scoring_elements":"0.66326","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00508","scoring_system":"epss","scoring_elements":"0.66269","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-21693"},{"reference_url":"https://github.com/jenkinsci/jenkins","reference_id":"","reference_type":"","scores":[{"value":"9.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/jenkins"},{"reference_url":"https://github.com/jenkinsci/jenkins/commit/104c751d907919dd53f5090f84d53c671a66457b","reference_id":"","reference_type":"","scores":[{"value":"9.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/jenkins/commit/104c751d907919dd53f5090f84d53c671a66457b"},{"reference_url":"https://github.com/jenkinsci/jenkins/commit/5a245e42979abe4a26d41727c839521e36cedd74","reference_id":"","reference_type":"","scores":[{"value":"9.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/jenkins/commit/5a245e42979abe4a26d41727c839521e36cedd74"},{"reference_url":"https://github.com/jenkinsci/jenkins/commit/63cde2daadc705edf086f2213b48c8c547f98358","reference_id":"","reference_type":"","scores":[{"value":"9.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/jenkins/commit/63cde2daadc705edf086f2213b48c8c547f98358"},{"reference_url":"https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455","reference_id":"","reference_type":"","scores":[{"value":"9.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2020341","reference_id":"2020341","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2020341"},{"reference_url":"https://security.archlinux.org/ASA-202111-1","reference_id":"ASA-202111-1","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202111-1"},{"reference_url":"https://security.archlinux.org/AVG-2526","reference_id":"AVG-2526","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2526"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-21693","reference_id":"CVE-2021-21693","reference_type":"","scores":[{"value":"9.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-21693"},{"reference_url":"https://github.com/advisories/GHSA-929w-q433-4h9x","reference_id":"GHSA-929w-q433-4h9x","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-929w-q433-4h9x"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4799","reference_id":"RHSA-2021:4799","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4799"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4801","reference_id":"RHSA-2021:4801","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4801"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4827","reference_id":"RHSA-2021:4827","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4827"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4829","reference_id":"RHSA-2021:4829","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4829"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4833","reference_id":"RHSA-2021:4833","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4833"}],"fixed_packages":[],"aliases":["CVE-2021-21693","GHSA-929w-q433-4h9x"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wuvf-kdtu-tkc2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/11482?format=json","vulnerability_id":"VCID-zgtd-8mf6-ruc9","summary":"Incomplete List of Disallowed Inputs\nJenkins allows any agent to read and write the contents of any build directory stored in Jenkins with very few restrictions.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-21697.json","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-21697.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-21697","reference_id":"","reference_type":"","scores":[{"value":"0.01461","scoring_system":"epss","scoring_elements":"0.8096","published_at":"2026-05-07T12:55:00Z"},{"value":"0.01461","scoring_system":"epss","scoring_elements":"0.80817","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01461","scoring_system":"epss","scoring_elements":"0.80814","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01461","scoring_system":"epss","scoring_elements":"0.80841","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01461","scoring_system":"epss","scoring_elements":"0.80849","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01461","scoring_system":"epss","scoring_elements":"0.80865","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01461","scoring_system":"epss","scoring_elements":"0.80851","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01461","scoring_system":"epss","scoring_elements":"0.80843","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01461","scoring_system":"epss","scoring_elements":"0.8088","published_at":"2026-04-16T12:55:00Z"},{"value":"0.01461","scoring_system":"epss","scoring_elements":"0.80882","published_at":"2026-04-18T12:55:00Z"},{"value":"0.01461","scoring_system":"epss","scoring_elements":"0.80884","published_at":"2026-04-21T12:55:00Z"},{"value":"0.01461","scoring_system":"epss","scoring_elements":"0.80905","published_at":"2026-04-24T12:55:00Z"},{"value":"0.01461","scoring_system":"epss","scoring_elements":"0.80912","published_at":"2026-04-26T12:55:00Z"},{"value":"0.01461","scoring_system":"epss","scoring_elements":"0.80923","published_at":"2026-04-29T12:55:00Z"},{"value":"0.01461","scoring_system":"epss","scoring_elements":"0.80939","published_at":"2026-05-05T12:55:00Z"},{"value":"0.01461","scoring_system":"epss","scoring_elements":"0.80787","published_at":"2026-04-01T12:55:00Z"},{"value":"0.01461","scoring_system":"epss","scoring_elements":"0.80796","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-21697"},{"reference_url":"https://github.com/jenkinsci/jenkins","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/jenkins"},{"reference_url":"https://github.com/jenkinsci/jenkins/commit/cf388d2a04e6016d23eb93fa3cc804f2554b98f0","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/jenkins/commit/cf388d2a04e6016d23eb93fa3cc804f2554b98f0"},{"reference_url":"https://github.com/jenkinsci/jenkins/commit/eae33841b587da787f37d5b6c8451d483edc04d9","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/jenkins/commit/eae33841b587da787f37d5b6c8451d483edc04d9"},{"reference_url":"https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2428","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2428"},{"reference_url":"http://www.openwall.com/lists/oss-security/2021/11/04/3","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2021/11/04/3"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2020345","reference_id":"2020345","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2020345"},{"reference_url":"https://security.archlinux.org/ASA-202111-1","reference_id":"ASA-202111-1","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202111-1"},{"reference_url":"https://security.archlinux.org/AVG-2526","reference_id":"AVG-2526","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2526"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-21697","reference_id":"CVE-2021-21697","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-21697"},{"reference_url":"https://github.com/advisories/GHSA-cv2w-q8c3-xjv7","reference_id":"GHSA-cv2w-q8c3-xjv7","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-cv2w-q8c3-xjv7"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4799","reference_id":"RHSA-2021:4799","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4799"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4801","reference_id":"RHSA-2021:4801","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4801"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4827","reference_id":"RHSA-2021:4827","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4827"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4829","reference_id":"RHSA-2021:4829","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4829"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4833","reference_id":"RHSA-2021:4833","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4833"}],"fixed_packages":[],"aliases":["CVE-2021-21697","GHSA-cv2w-q8c3-xjv7"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zgtd-8mf6-ruc9"}],"fixing_vulnerabilities":[],"risk_score":"4.5","resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/jenkins@2.303.3.1637698110-1%3Farch=el7"}