[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2021-21688":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T14:55:33.319Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":229,"aliases":230,"duplicate_of":9,"upstream":233,"downstream":234,"duplicates":245,"related":246,"reserved_at":9,"published_at":247,"modified_at":248,"state":249,"summary":250,"references_raw":259,"kevs":291,"epss":292,"epss_history":295,"metrics":553,"affected":568},"CVE-2021-21688","The agent-to-controller security check FilePath#reading(FileVisitor) in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier does not reject any operations, allowing users to have unrestricted read access using certain operations (creating archives, FilePath#copyRecursiveTo).",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-862","Missing Authorization","The product does not perform an authorization check when an actor attempts to access a resource or perform an action.","weakness","Incomplete","Class","High",[20],{"id":21,"name":22,"techniques":23},"CAPEC-665","Exploitation of Thunderbolt Protection Flaws",[24,61,101],{"id":25,"name":26,"tactics":27,"countermeasures":34},"T1211","Exploitation for Stealth",[28,31],{"id":29,"name":30},"TA0030","Defense Evasion",{"id":32,"name":33},"TA0005","Stealth",[35,40,44,48,53,57],{"id":36,"name":37,"tactic":38},"D3-MBT","Memory Boundary Tracking",{"name":39},"Detect",{"id":41,"name":42,"tactic":43},"D3-PCSV","Process Code Segment Verification",{"name":39},{"id":45,"name":46,"tactic":47},"D3-SSC","Shadow Stack Comparisons",{"name":39},{"id":49,"name":50,"tactic":51},"D3-PSEP","Process Segment Execution Prevention",{"name":52},"Harden",{"id":54,"name":55,"tactic":56},"D3-SAOR","Segment Address Offset Randomization",{"name":52},{"id":58,"name":59,"tactic":60},"D3-SFCV","Stack Frame Canary Validation",{"name":52},{"id":62,"name":63,"tactics":64,"countermeasures":70},"T1542.002","Component Firmware",[65,66,67],{"id":29,"name":30},{"id":32,"name":33},{"id":68,"name":69},"TA0110","Persistence",[71,76,80,84,88,92,96],{"id":72,"name":73,"tactic":74},"D3-SWI","Software Inventory",{"name":75},"Model",{"id":77,"name":78,"tactic":79},"D3-AVE","Asset Vulnerability Enumeration",{"name":75},{"id":81,"name":82,"tactic":83},"D3-FEMC","Firmware Embedded Monitoring Code",{"name":39},{"id":85,"name":86,"tactic":87},"D3-FV","Firmware Verification",{"name":39},{"id":89,"name":90,"tactic":91},"D3-FBA","Firmware Behavior Analysis",{"name":39},{"id":93,"name":94,"tactic":95},"D3-SU","Software Update",{"name":52},{"id":97,"name":98,"tactic":99},"D3-RS","Restore Software",{"name":100},"Restore",{"id":102,"name":103,"tactics":104,"countermeasures":113},"T1556","Modify Authentication Process",[105,106,109,110],{"id":29,"name":30},{"id":107,"name":108},"TA0112","Defense Impairment",{"id":68,"name":69},{"id":111,"name":112},"TA0031","Credential Access",[114,118,122,126,130,134,138,142,146,150,155,159,163,167,171,176,180,184,188,193,197,201,205,209,213,217,221,225],{"id":115,"name":116,"tactic":117},"D3-CI","Configuration Inventory",{"name":75},{"id":119,"name":120,"tactic":121},"D3-NTPM","Network Traffic Policy Mapping",{"name":75},{"id":123,"name":124,"tactic":125},"D3-AM","Access Modeling",{"name":75},{"id":127,"name":128,"tactic":129},"D3-FA","File Analysis",{"name":39},{"id":131,"name":132,"tactic":133},"D3-FIM","File Integrity Monitoring",{"name":39},{"id":135,"name":136,"tactic":137},"D3-PLA","Process Lineage Analysis",{"name":39},{"id":139,"name":140,"tactic":141},"D3-PSMD","Process Self-Modification Detection",{"name":39},{"id":143,"name":144,"tactic":145},"D3-PSA","Process Spawn Analysis",{"name":39},{"id":147,"name":148,"tactic":149},"D3-SFA","System File Analysis",{"name":39},{"id":151,"name":152,"tactic":153},"D3-FEV","File Eviction",{"name":154},"Evict",{"id":156,"name":157,"tactic":158},"D3-PT","Process Termination",{"name":154},{"id":160,"name":161,"tactic":162},"D3-PS","Process Suspension",{"name":154},{"id":164,"name":165,"tactic":166},"D3-HR","Host Reboot",{"name":154},{"id":168,"name":169,"tactic":170},"D3-HS","Host Shutdown",{"name":154},{"id":172,"name":173,"tactic":174},"D3-DF","Decoy File",{"name":175},"Deceive",{"id":177,"name":178,"tactic":179},"D3-FE","File Encryption",{"name":52},{"id":181,"name":182,"tactic":183},"D3-RF","Restore File",{"name":100},{"id":185,"name":186,"tactic":187},"D3-RC","Restore Configuration",{"name":100},{"id":189,"name":190,"tactic":191},"D3-CF","Content Filtering",{"name":192},"Isolate",{"id":194,"name":195,"tactic":196},"D3-LFP","Local File Permissions",{"name":192},{"id":198,"name":199,"tactic":200},"D3-RFAM","Remote File Access Mediation",{"name":192},{"id":202,"name":203,"tactic":204},"D3-CQ","Content Quarantine",{"name":192},{"id":206,"name":207,"tactic":208},"D3-CM","Content Modification",{"name":192},{"id":210,"name":211,"tactic":212},"D3-KBPI","Kernel-based Process Isolation",{"name":192},{"id":214,"name":215,"tactic":216},"D3-SCF","System Call Filtering",{"name":192},{"id":218,"name":219,"tactic":220},"D3-HBPI","Hardware-based Process Isolation",{"name":192},{"id":222,"name":223,"tactic":224},"D3-ABPI","Application-based Process Isolation",{"name":192},{"id":226,"name":227,"tactic":228},"D3-WSAM","Web Session Access Mediation",{"name":192},[],[231,232],"GHSA-m9hr-259f-2v23","BIT-jenkins-2021-21688",[],[235,237,239,241,243],{"_key":236},"RHSA-2021:4799",{"_key":238},"RHSA-2021:4801",{"_key":240},"RHSA-2021:4827",{"_key":242},"RHSA-2021:4829",{"_key":244},"RHSA-2021:4833",[],[],"2021-11-04T16:30:28.000Z","2024-08-03T18:23:28.294Z","Modified",{"cisa_kev":251,"cisa_ransomware":251,"cisa_vendor":9,"epss_severity":252,"epss_score":253,"severity":254,"severity_score":255,"severity_version":256,"severity_source":257,"severity_vector":258,"severity_status":249},false,"low",0.00352,"high",7.5,"v3.1","nvd","CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",[260,269,274,278,282,286],{"url":261,"sources":262,"tags":265},"https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455",[263,257,264],"cve.org","osv_maven",[266,267,268],"X Refsource CONFIRM","Vendor Advisory","WEB",{"url":270,"sources":271,"tags":272},"https://nvd.nist.gov/vuln/detail/CVE-2021-21688",[264],[273],"Advisory",{"url":275,"sources":276,"tags":277},"https://github.com/jenkinsci/jenkins/commit/104c751d907919dd53f5090f84d53c671a66457b",[264],[268],{"url":279,"sources":280,"tags":281},"https://github.com/jenkinsci/jenkins/commit/5a245e42979abe4a26d41727c839521e36cedd74",[264],[268],{"url":283,"sources":284,"tags":285},"https://github.com/jenkinsci/jenkins/commit/63cde2daadc705edf086f2213b48c8c547f98358",[264],[268],{"url":287,"sources":288,"tags":289},"https://github.com/jenkinsci/jenkins",[264],[290],"PACKAGE",[],{"date":293,"score":253,"percentile":294},"2026-06-04",0.5786,[296,300,303,306,309,312,315,318,321,324,327,330,333,336,339,342,345,348,351,354,357,360,363,366,368,371,374,377,381,384,387,390,393,396,399,402,405,408,411,414,417,420,423,426,429,432,435,438,441,444,447,450,453,456,460,463,466,468,471,474,477,480,482,485,488,491,494,497,499,501,503,506,508,510,512,515,517,519,522,525,527,530,533,535,538,540,542,544,547,550],{"date":297,"score":298,"percentile":299},"2025-11-04",0.00299,0.52777,{"date":301,"score":298,"percentile":302},"2025-11-05",0.52751,{"date":304,"score":298,"percentile":305},"2025-11-06",0.52768,{"date":307,"score":298,"percentile":308},"2025-11-07",0.5279,{"date":310,"score":298,"percentile":311},"2025-11-08",0.52792,{"date":313,"score":298,"percentile":314},"2025-11-09",0.52791,{"date":316,"score":298,"percentile":317},"2025-11-10",0.52761,{"date":319,"score":298,"percentile":320},"2025-11-11",0.52773,{"date":322,"score":298,"percentile":323},"2025-11-12",0.52799,{"date":325,"score":298,"percentile":326},"2025-11-13",0.52804,{"date":328,"score":298,"percentile":329},"2025-11-14",0.52806,{"date":331,"score":253,"percentile":332},"2025-11-15",0.56941,{"date":334,"score":253,"percentile":335},"2025-11-16",0.56925,{"date":337,"score":253,"percentile":338},"2025-11-17",0.56919,{"date":340,"score":253,"percentile":341},"2025-11-18",0.54756,{"date":343,"score":253,"percentile":344},"2025-11-19",0.54771,{"date":346,"score":253,"percentile":347},"2025-11-20",0.54759,{"date":349,"score":253,"percentile":350},"2025-11-21",0.56937,{"date":352,"score":253,"percentile":353},"2025-11-22",0.56932,{"date":355,"score":253,"percentile":356},"2025-11-23",0.56906,{"date":358,"score":253,"percentile":359},"2025-11-24",0.56899,{"date":361,"score":253,"percentile":362},"2025-11-25",0.56902,{"date":364,"score":253,"percentile":365},"2025-11-26",0.56905,{"date":367,"score":253,"percentile":365},"2025-11-27",{"date":369,"score":253,"percentile":370},"2025-11-28",0.5688,{"date":372,"score":253,"percentile":373},"2025-11-29",0.56869,{"date":375,"score":253,"percentile":376},"2025-11-30",0.5686,{"date":378,"score":379,"percentile":380},"2025-12-01",0.00247,0.47892,{"date":382,"score":379,"percentile":383},"2025-12-02",0.47907,{"date":385,"score":379,"percentile":386},"2025-12-03",0.47899,{"date":388,"score":253,"percentile":389},"2025-12-04",0.56862,{"date":391,"score":253,"percentile":392},"2025-12-05",0.56878,{"date":394,"score":253,"percentile":395},"2025-12-06",0.56879,{"date":397,"score":253,"percentile":398},"2025-12-07",0.56876,{"date":400,"score":253,"percentile":401},"2025-12-08",0.56877,{"date":403,"score":253,"percentile":404},"2025-12-09",0.569,{"date":406,"score":253,"percentile":407},"2025-12-10",0.56954,{"date":409,"score":253,"percentile":410},"2025-12-11",0.56979,{"date":412,"score":253,"percentile":413},"2025-12-12",0.57004,{"date":415,"score":253,"percentile":416},"2025-12-13",0.56999,{"date":418,"score":253,"percentile":419},"2025-12-14",0.57,{"date":421,"score":253,"percentile":422},"2025-12-15",0.56985,{"date":424,"score":253,"percentile":425},"2025-12-16",0.56996,{"date":427,"score":253,"percentile":428},"2025-12-17",0.57014,{"date":430,"score":253,"percentile":431},"2025-12-18",0.57052,{"date":433,"score":253,"percentile":434},"2025-12-19",0.5706,{"date":436,"score":253,"percentile":437},"2025-12-20",0.57057,{"date":439,"score":253,"percentile":440},"2025-12-21",0.57037,{"date":442,"score":253,"percentile":443},"2025-12-22",0.5702,{"date":445,"score":253,"percentile":446},"2025-12-23",0.57026,{"date":448,"score":253,"percentile":449},"2025-12-24",0.57036,{"date":451,"score":253,"percentile":452},"2025-12-25",0.57079,{"date":454,"score":253,"percentile":455},"2025-12-26",0.57075,{"date":457,"score":458,"percentile":459},"2025-12-27",0.00187,0.4084,{"date":461,"score":253,"percentile":462},"2025-12-28",0.57047,{"date":464,"score":253,"percentile":465},"2025-12-29",0.5704,{"date":467,"score":253,"percentile":449},"2025-12-30",{"date":469,"score":253,"percentile":470},"2025-12-31",0.57073,{"date":472,"score":379,"percentile":473},"2026-01-01",0.48025,{"date":475,"score":379,"percentile":476},"2026-01-02",0.48002,{"date":478,"score":379,"percentile":479},"2026-01-03",0.47992,{"date":481,"score":253,"percentile":462},"2026-01-04",{"date":483,"score":253,"percentile":484},"2026-01-05",0.57035,{"date":486,"score":253,"percentile":487},"2026-01-06",0.57044,{"date":489,"score":253,"percentile":490},"2026-01-07",0.57069,{"date":492,"score":253,"percentile":493},"2026-01-08",0.5709,{"date":495,"score":253,"percentile":496},"2026-01-09",0.57092,{"date":498,"score":253,"percentile":493},"2026-01-10",{"date":500,"score":253,"percentile":490},"2026-01-11",{"date":502,"score":253,"percentile":484},"2026-01-12",{"date":504,"score":253,"percentile":505},"2026-01-13",0.57006,{"date":507,"score":253,"percentile":462},"2026-01-14",{"date":509,"score":253,"percentile":431},"2026-01-15",{"date":511,"score":253,"percentile":452},"2026-01-16",{"date":513,"score":253,"percentile":514},"2026-01-17",0.5707,{"date":516,"score":253,"percentile":514},"2026-01-18",{"date":518,"score":253,"percentile":431},"2026-01-19",{"date":520,"score":253,"percentile":521},"2026-01-20",0.57055,{"date":523,"score":253,"percentile":524},"2026-01-21",0.57063,{"date":526,"score":253,"percentile":524},"2026-01-22",{"date":528,"score":253,"percentile":529},"2026-01-23",0.57105,{"date":531,"score":253,"percentile":532},"2026-01-24",0.57111,{"date":534,"score":253,"percentile":470},"2026-01-25",{"date":536,"score":253,"percentile":537},"2026-01-26",0.57058,{"date":539,"score":253,"percentile":490},"2026-01-27",{"date":541,"score":253,"percentile":452},"2026-01-28",{"date":543,"score":253,"percentile":452},"2026-01-29",{"date":545,"score":253,"percentile":546},"2026-01-30",0.57082,{"date":548,"score":253,"percentile":549},"2026-01-31",0.57084,{"date":551,"score":379,"percentile":552},"2026-02-01",0.47829,[554,563],{"source":257,"cvss_v2_0":555,"cvss_v3_0":9,"cvss_v3_1":560,"cvss_v4_0":9},{"baseScore":556,"baseSeverity":9,"vectorString":557,"impactScore":558,"exploitabilityScore":559},5,"AV:N/AC:L/Au:N/C:P/I:N/A:N",2.9,10,{"baseScore":255,"baseSeverity":561,"vectorString":258,"impactScore":562,"exploitabilityScore":559},"HIGH",6,{"source":264,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":564,"cvss_v4_0":9},{"baseScore":565,"baseSeverity":9,"vectorString":566,"impactScore":559,"exploitabilityScore":567},9,"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",5.6,[569,584,594],{"ecosystem":9,"name":570,"vendor":571,"product":572,"cpe_part":573,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":574},"Jenkins","jenkins project","jenkins","a",[575,581],{"version":576,"is_range":577,"range_type":263,"version_start":578,"version_start_type":579,"version_end":580,"version_end_type":579,"fixed_in":9},">= unspecified, \u003C= 2.318",true,"unspecified","including","2.318",{"version":582,"is_range":577,"range_type":263,"version_start":578,"version_start_type":579,"version_end":583,"version_end_type":579,"fixed_in":9},">= unspecified, \u003C= LTS 2.303.2","LTS 2.303.2",{"ecosystem":9,"name":570,"vendor":9,"product":570,"cpe_part":9,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":585},[586,591],{"version":587,"is_range":577,"range_type":588,"version_start":9,"version_start_type":9,"version_end":589,"version_end_type":590,"fixed_in":9},"lt2.303.3","cpe","2.303.3","excluding",{"version":592,"is_range":577,"range_type":588,"version_start":9,"version_start_type":9,"version_end":593,"version_end_type":590,"fixed_in":9},"lt2.319","2.319",{"ecosystem":595,"name":596,"vendor":597,"product":598,"cpe_part":9,"purl_type":599,"purl_namespace":597,"purl_name":598,"source":9,"versions":600},"Maven","org.jenkins-ci.main:jenkins-core","org.jenkins-ci.main","jenkins-core","maven",[601,604],{"version":602,"is_range":577,"range_type":603,"version_start":9,"version_start_type":9,"version_end":589,"version_end_type":590,"fixed_in":9},"lt2_303_3","ecosystem",{"version":605,"is_range":577,"range_type":603,"version_start":606,"version_start_type":579,"version_end":593,"version_end_type":590,"fixed_in":9},"gte2_304_lt2_319","2.304"]