CVE-2021-21670

Incorrect Authorization in maven/org.jenkins-ci.main/jenkins-core

Identifier

CVE-2021-21670

Package Slug

maven/org.jenkins-ci.main/jenkins-core

Vulnerability

Incorrect Authorization

Description

Jenkins allows users to cancel queue items and abort builds of jobs for which they have Item/Cancel permission even when they do not have Item/Read permission.

Affected Versions

All versions after 2.289.2 before 2.300

Solution

Upgrade to version 2.300 or above.

Last Modified

2021-07-08

source