CVE-2021-21671

Summary

Jenkins 2.299 and earlier, LTS 2.289.1 and earlier does not invalidate the previous session on login.

Affected Software

VendorProductVersion RangeStatus
Jenkins projectJenkins2.266 < unspecifiedaffected
Jenkins projectJenkinsLTS 2.277.1 < unspecifiedaffected
Jenkins projectJenkinsunspecified <= 2.299affected
Jenkins projectJenkinsunspecified <= LTS 2.289.1affected

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

References