vulnerability
Arch Linux: Authentication bypass (CVE-2021-21671)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 5 | (AV:N/AC:H/Au:N/C:P/I:P/A:P) | Jun 30, 2021 | Jul 11, 2025 | Nov 27, 2025 |
Severity
5
CVSS
(AV:N/AC:H/Au:N/C:P/I:P/A:P)
Published
Jun 30, 2021
Added
Jul 11, 2025
Modified
Nov 27, 2025
Description
Jenkins 2.299 and earlier does not invalidate the existing session on login. This allows attackers to use social engineering techniques to gain administrator access to Jenkins. Jenkins 2.300 invalidates the existing session on login.
Solution
arch-linux-upgrade-latest
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.