{
"id": "CVE-2021-21621",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2021-02-24T16:15:15.133",
"lastModified": "2022-10-25T16:03:04.260",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Jenkins Support Core Plugin 2.72 and earlier provides the serialized user authentication as part of the \"About user (basic authentication details only)\" information, which can include the session ID of the user creating the support bundle in some configurations."
},
{
"lang": "es",
"value": "Jenkins Support Core Plugin versiones 2.72 y anteriores, proporcionan la autenticaci\u00f3n de usuario serializada como parte de la informaci\u00f3n \"About user (basic authentication details only)\", que puede incluir el ID de sesi\u00f3n del usuario creando el paquete de soporte en algunas configuraciones"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "NONE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
},
{
"source": "jenkinsci-cert@googlegroups.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-201"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:jenkins:support_core:*:*:*:*:*:jenkins:*:*",
"versionEndIncluding": "2.72",
"matchCriteriaId": "B40EA8FA-9FE1-4649-966D-823B10D96EEC"
}
]
}
]
}
],
"references": [
{
"url": "https://www.jenkins.io/security/advisory/2021-02-24/#SECURITY-2150",
"source": "jenkinsci-cert@googlegroups.com",
"tags": [
"Vendor Advisory"
]
}
]
}