CVE-2021-21677

Summary

Jenkins Code Coverage API Plugin 1.4.0 and earlier does not apply Jenkins JEP-200 deserialization protection to Java objects it deserializes from disk, resulting in a remote code execution vulnerability.

Affected Software

VendorProductVersion RangeStatus
Jenkins projectJenkins Code Coverage API Pluginunspecified <= 1.4.0affected

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

References