CVE-2021-21671

High

7.5/10

Summary

Jenkins 2.299 and earlier, LTS 2.289.1 and earlier does not invalidate the previous session on login.

Attack Complexity: HIGH
Attack Vector: NETWORK
Integrity Impact: HIGH
Scope: UNCHANGED
User Interaction: REQUIRED
Privileges Required: NONE
Confidentiality Impact: HIGH
Availability Impact: HIGH

References

Advisory Timeline

Published Jun 30, 2021