{"api_version":"1","generated_at":"2026-04-23T06:19:49+00:00","cve":"CVE-2021-21621","urls":{"html":"https://cve.report/CVE-2021-21621","api":"https://cve.report/api/cve/CVE-2021-21621.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2021-21621","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2021-21621"},"summary":{"title":"CVE-2021-21621","description":"Jenkins Support Core Plugin 2.72 and earlier provides the serialized user authentication as part of the \"About user (basic authentication details only)\" information, which can include the session ID of the user creating the support bundle in some configurations.","state":"PUBLIC","assigner":"jenkinsci-cert@googlegroups.com","published_at":"2021-02-24 16:15:00","updated_at":"2023-10-25 18:16:00"},"problem_types":["CWE-200"],"metrics":[],"references":[{"url":"https://www.jenkins.io/security/advisory/2021-02-24/#SECURITY-2150","name":"https://www.jenkins.io/security/advisory/2021-02-24/#SECURITY-2150","refsource":"CONFIRM","tags":["Vendor Advisory"],"title":"Jenkins Security Advisory 2021-02-24","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2021-21621","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-21621","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2021","cve_id":"21621","vulnerable":"1","versionEndIncluding":"2.72","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"jenkins","cpe5":"support_core","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"jenkins","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2021-21621","qid":"375437","title":"Jenkins Plugins Multiple Security Vulnerabilities(Jenkins Security Advisory 2021-02-24)"}]},"source_records":{"cve_program":{"data_version":"4.0","data_type":"CVE","data_format":"MITRE","CVE_data_meta":{"ID":"CVE-2021-21621","ASSIGNER":"jenkinsci-cert@googlegroups.com","STATE":"PUBLIC"},"description":{"description_data":[{"lang":"eng","value":"Jenkins Support Core Plugin 2.72 and earlier provides the serialized user authentication as part of the \"About user (basic authentication details only)\" information, which can include the session ID of the user creating the support bundle in some configurations."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"affects":{"vendor":{"vendor_data":[{"vendor_name":"Jenkins project","product":{"product_data":[{"product_name":"Jenkins Support Core Plugin","version":{"version_data":[{"version_value":"not down converted","x_cve_json_5_version_data":{"versions":[{"lessThanOrEqual":"2.72","status":"affected","version":"unspecified","versionType":"custom"},{"status":"unaffected","version":"2.70.1"},{"status":"unaffected","version":"2.68.1"}]}}]}}]}}]}},"references":{"reference_data":[{"url":"https://www.jenkins.io/security/advisory/2021-02-24/#SECURITY-2150","refsource":"MISC","name":"https://www.jenkins.io/security/advisory/2021-02-24/#SECURITY-2150"}]}},"nvd":{"publishedDate":"2021-02-24 16:15:00","lastModifiedDate":"2023-10-25 18:16:00","problem_types":["CWE-200"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":5.3,"baseSeverity":"MEDIUM"},"exploitabilityScore":3.9,"impactScore":1.4},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":5},"severity":"MEDIUM","exploitabilityScore":10,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:jenkins:support_core:*:*:*:*:*:jenkins:*:*","versionEndIncluding":"2.72","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2021","CveId":"21621","Ordinal":"196309","Title":"CVE-2021-21621","CVE":"CVE-2021-21621","Year":"2021"},"notes":[{"CveYear":"2021","CveId":"21621","Ordinal":"1","NoteData":"Jenkins Support Core Plugin 2.72 and earlier provides the serialized user authentication as part of the \"About user (basic authentication details only)\" information, which can include the session ID of the user creating the support bundle in some configurations.","Type":"Description","Title":null},{"CveYear":"2021","CveId":"21621","Ordinal":"2","NoteData":"2021-02-24","Type":"Other","Title":"Published"},{"CveYear":"2021","CveId":"21621","Ordinal":"3","NoteData":"2021-02-24","Type":"Other","Title":"Modified"}]}}}