AVID-2026-R0715
Description
Vulnerability CVE-2021-21605
Details
Jenkins 2.274 and earlier, and LTS 2.263.1 and earlier, allow users with Agent/Configure permission to choose agent names that cause Jenkins to override the global config.xml file.
Reason for inclusion in AVID: CVE-2021-21605 describes a vulnerability in Jenkins (a CI/CD server) that enables an authenticated user to cause the global config.xml to be overridden via agent naming. Jenkins is a key component in AI software pipelines (build/deploy/test), and such a vulnerability can affect the integrity and security of AI system supply chains. The report provides CVE details and references sufficient to evaluate the security impact.
References
Affected or Relevant Artifacts
- Developer: Jenkins project
- Deployer: Jenkins project
- Artifact Details:
| Type | Name |
|---|---|
| System | Jenkins |
Impact
AVID Taxonomy Categorization
- Risk domains: Security
- SEP subcategories: S0100: Software Vulnerability
- Lifecycle stages: L06: Deployment
Other information
- Report Type: Advisory
- Credits:
- Date Reported: 2021-01-13
- Version: 0.3.3
- AVID Entry