{ "threat_severity" : "Important", "public_date" : "2021-01-13T00:00:00Z", "bugzilla" : { "description" : "jenkins: Improper handling of REST API XML deserialization errors", "id" : "1925157", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1925157" }, "cvss3" : { "cvss3_base_score" : "8.0", "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "status" : "verified" }, "cwe" : "CWE-502", "details" : [ "Jenkins 2.274 and earlier, LTS 2.263.1 and earlier allows attackers with permission to create or configure various objects to inject crafted content into Old Data Monitor that results in the instantiation of potentially unsafe objects once discarded by an administrator.", "A flaw was found in jenkins. An attacker with permission to create or configure various objects to inject crafted content into Old Data Monitor can cause the instantiation of potentially unsafe objects once discarded by an administrator. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability." ], "affected_release" : [ { "product_name" : "Red Hat OpenShift Container Platform 3.11", "release_date" : "2021-03-03T00:00:00Z", "advisory" : "RHSA-2021:0637", "cpe" : "cpe:/a:redhat:openshift:3.11::el7", "package" : "jenkins-0:2.263.3.1612433584-1.el7" }, { "product_name" : "Red Hat OpenShift Container Platform 4.5", "release_date" : "2021-03-03T00:00:00Z", "advisory" : "RHSA-2021:0429", "cpe" : "cpe:/a:redhat:openshift:4.5::el7", "package" : "conmon-2:2.0.21-1.rhaos4.5.el7" }, { "product_name" : "Red Hat OpenShift Container Platform 4.5", "release_date" : "2021-03-03T00:00:00Z", "advisory" : "RHSA-2021:0429", "cpe" : "cpe:/a:redhat:openshift:4.5::el7", "package" : "jenkins-0:2.263.3.1612434332-1.el7" }, { "product_name" : "Red Hat OpenShift Container Platform 4.5", "release_date" : "2021-03-03T00:00:00Z", "advisory" : "RHSA-2021:0429", "cpe" : "cpe:/a:redhat:openshift:4.5::el7", "package" : "machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8" }, { "product_name" : "Red Hat OpenShift Container Platform 4.5", "release_date" : "2021-03-03T00:00:00Z", "advisory" : "RHSA-2021:0429", "cpe" : "cpe:/a:redhat:openshift:4.5::el7", "package" : "openshift-0:4.5.0-202102050524.p0.git.0.9229406.el7" }, { "product_name" : "Red Hat OpenShift Container Platform 4.5", "release_date" : "2021-03-03T00:00:00Z", "advisory" : "RHSA-2021:0429", "cpe" : "cpe:/a:redhat:openshift:4.5::el7", "package" : "openshift-ansible-0:4.5.0-202102031005.p0.git.0.c6839a2.el7" }, { "product_name" : "Red Hat OpenShift Container Platform 4.5", "release_date" : "2021-03-03T00:00:00Z", "advisory" : "RHSA-2021:0429", "cpe" : "cpe:/a:redhat:openshift:4.5::el7", "package" : "openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7" }, { "product_name" : "Red Hat OpenShift Container Platform 4.5", "release_date" : "2021-03-03T00:00:00Z", "advisory" : "RHSA-2021:0429", "cpe" : "cpe:/a:redhat:openshift:4.5::el7", "package" : "runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8" }, { "product_name" : "Red Hat OpenShift Container Platform 4.6", "release_date" : "2021-02-17T00:00:00Z", "advisory" : "RHSA-2021:0423", "cpe" : "cpe:/a:redhat:openshift:4.6::el8", "package" : "jenkins-0:2.263.3.1612434510-1.el8" } ], "package_state" : [ { "product_name" : "Red Hat Fuse 7", "fix_state" : "Not affected", "package_name" : "jenkins", "cpe" : "cpe:/a:redhat:jboss_fuse:7" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2021-21604\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-21604" ], "name" : "CVE-2021-21604", "csaw" : false }