Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS1wNnFjLTM3aHEtd3FyNs4AAoNm

Remote code execution vulnerability in Jenkins Templating Engine Plugin

Jenkins Templating Engine Plugin 2.1 and earlier does not protect its pipeline configurations using Script Security Plugin.

This vulnerability allows attackers with Job/Configure permission to execute arbitrary code in the context of the Jenkins controller JVM.

Jenkins Templating Engine Plugin 2.2 integrates with Script Security Plugin to protect its pipeline configurations.

Permalink: https://github.com/advisories/GHSA-p6qc-37hq-wqr6
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1wNnFjLTM3aHEtd3FyNs4AAoNm
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: almost 2 years ago
Updated: 3 months ago


CVSS Score: 8.8
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Identifiers: GHSA-p6qc-37hq-wqr6, CVE-2021-21646
References: Repository: https://github.com/jenkinsci/templating-engine-plugin

Affected Packages

maven:org.jenkins-ci.plugins:templating-engine
Affected Version Ranges: <= 2.1
Fixed in: 2.2