CVE-2021-21609
maven/org.jenkins-ci.main/jenkins-core
Incorrect Authorization
Jenkins does not correctly match requested URLs to the list of always accessible paths, allowing attackers without Overall/Read
permission to access some URLs as if they did have Overall/Read
permission.
All versions after 2.263.1 up to 2.274
Unfortunately, there is no solution available yet.
2021-01-18
source |