Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1wNnFjLTM3aHEtd3FyNs4AAoNm
Remote code execution vulnerability in Jenkins Templating Engine Plugin
Templating Engine Plugin 2.1 and earlier does not protect its pipeline configurations using Script Security Plugin.
This vulnerability allows attackers with Job/Configure permission to execute arbitrary code in the context of the Jenkins controller JVM.
Templating Engine Plugin 2.2 integrates with Script Security Plugin to protect its pipeline configurations.
Permalink: https://github.com/advisories/GHSA-p6qc-37hq-wqr6
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1wNnFjLTM3aHEtd3FyNs4AAoNm
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: about 1 year ago
Updated: 4 months ago
CVSS Score: 8.8
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Identifiers: GHSA-p6qc-37hq-wqr6, CVE-2021-21646
References:
- https://nvd.nist.gov/vuln/detail/CVE-2021-21646
- https://www.jenkins.io/security/advisory/2021-04-21/#SECURITY-2311
- http://www.openwall.com/lists/oss-security/2021/04/21/2
- https://github.com/advisories/GHSA-p6qc-37hq-wqr6
Affected Packages
maven:org.jenkins-ci.plugins:templating-engine
Versions: <= 2.1
Fixed in: 2.2