Security Advisory

CVE-2021-21639

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2021-04-07 13:50:13
Last updated 2024-08-03 18:16:23
Assigner jenkins
State PUBLISHED

Description

Jenkins 2.286 and earlier, LTS 2.277.1 and earlier does not validate the type of object created after loading the data submitted to the `config.xml` REST API endpoint of a node, allowing attackers with Computer/Configure permission to replace a node with one of a different type.