CVE-2021-21670

Summary

Jenkins 2.299 and earlier, LTS 2.289.1 and earlier allows users to cancel queue items and abort builds of jobs for which they have Item/Cancel permission even when they do not have Item/Read permission.

Affected Software

VendorProductVersion RangeStatus
Jenkins projectJenkinsunspecified <= 2.299affected
Jenkins projectJenkinsunspecified <= LTS 2.289.1affected

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

References