CVE-2021-21621 Information

Description

Jenkins Support Core Plugin 2.72 and earlier provides the serialized user authentication as part of the "About user (basic authentication details only)" information, which can include the session ID of the user creating the support bundle in some configurations.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Reference

https://www.jenkins.io/security/advisory/2021-02-24/#SECURITY-2150

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

Base Score

5.3

Base Severity

MEDIUM
