{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-18T08:27:36.140","vulnerabilities":[{"cve":{"id":"CVE-2021-21696","sourceIdentifier":"jenkinsci-cert@googlegroups.com","published":"2021-11-04T17:15:08.873","lastModified":"2024-11-21T05:48:51.160","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Jenkins 2.318 and earlier, LTS 2.303.2 and earlier does not limit agent read/write access to the libs/ directory inside build directories when using the FilePath APIs, allowing attackers in control of agent processes to replace the code of a trusted library with a modified variant. This results in unsandboxed code execution in the Jenkins controller process."},{"lang":"es","value":"Jenkins versiones 2.318 y anteriores, LTS versiones 2.303.2 y anteriores, no limitan el acceso de lectura/escritura del agente al directorio libs/ dentro de los directorios de construcción cuando son utilizadas las APIs FilePath, permitiendo a atacantes que controlan los procesos del agente reemplazar el código de una biblioteca confiable con una variante modificada. Esto resulta en una ejecución de código sin sandbox en el proceso del controlador de Jenkins"}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-Other"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*","versionEndIncluding":"2.303.2","matchCriteriaId":"988C6F39-A7CD-4CF3-8E38-A0179F078528"},{"vulnerable":true,"criteria":"cpe:2.3:a:jenkins:jenkins:*:*:*:*:-:*:*:*","versionEndIncluding":"2.318","matchCriteriaId":"F7399F73-979B-4229-A283-53BFB4C6A768"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2021/11/04/3","source":"jenkinsci-cert@googlegroups.com","tags":["Mailing List","Third Party Advisory"]},{"url":"https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2423","source":"jenkinsci-cert@googlegroups.com","tags":["Mitigation","Vendor Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2021/11/04/3","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2423","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mitigation","Vendor Advisory"]}]}}]}