CVE-2021-21606

Summary

Jenkins 2.274 and earlier, LTS 2.263.1 and earlier improperly validates the format of a provided fingerprint ID when checking for its existence allowing an attacker to check for the existence of XML files with a short path.

Affected Software

VendorProductVersion RangeStatus
Jenkins projectJenkins2.242 < unspecifiedaffected
Jenkins projectJenkinsunspecified <= 2.274affected
Jenkins projectJenkinsunspecified <= LTS 2.263.1affected

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

References