What is the severity of CVE-2021-21677?

CVE-2021-21677 is classified as a critical vulnerability due to its ability to allow remote code execution.

How do I fix CVE-2021-21677?

To fix CVE-2021-21677, upgrade the Jenkins Code Coverage API Plugin to version 1.4.1 or later.

Who is affected by CVE-2021-21677?

CVE-2021-21677 affects users of Jenkins Code Coverage API Plugin version 1.4.0 and earlier.

What types of vulnerabilities does CVE-2021-21677 present?

CVE-2021-21677 presents a remote code execution vulnerability due to improper handling of deserialization.

How can CVE-2021-21677 be exploited?

CVE-2021-21677 can be exploited by attackers who can control the serialized Java objects deserialized by the plugin.

Vulnerability/
CVE-2021-21677

high

8.8

CWE

502

31/8/2021

24/5/2022

3/8/2024

CVE-2021-21677

First published: Tue Aug 31 2021(Updated: )

Jenkins Code Coverage API Plugin 1.4.0 and earlier does not apply [JEP-200 deserialization protection](https://github.com/jenkinsci/jep/tree/master/jep/200) to Java objects it deserializes from disk. This results in a remote code execution (RCE) vulnerability exploitable by attackers able to control agent processes. Jenkins Code Coverage API Plugin 1.4.1 configures its Java object deserialization to only deserialize safe types.

Credit: jenkinsci-cert@googlegroups.com jenkinsci-cert@googlegroups.com jenkinsci-cert@googlegroups.com

Affected Software	Affected Version	How to fix
maven/io.jenkins.plugins:code-coverage-api	<=1.4.0	1.4.1
Jenkins Code Coverage API	<=1.4.0

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2021-21677?
CVE-2021-21677 is classified as a critical vulnerability due to its ability to allow remote code execution.
How do I fix CVE-2021-21677?
To fix CVE-2021-21677, upgrade the Jenkins Code Coverage API Plugin to version 1.4.1 or later.
Who is affected by CVE-2021-21677?
CVE-2021-21677 affects users of Jenkins Code Coverage API Plugin version 1.4.0 and earlier.
What types of vulnerabilities does CVE-2021-21677 present?
CVE-2021-21677 presents a remote code execution vulnerability due to improper handling of deserialization.
How can CVE-2021-21677 be exploited?
CVE-2021-21677 can be exploited by attackers who can control the serialized Java objects deserialized by the plugin.

collector/github-advisory-latest
alias/GHSA-58pr-hprx-7hg6
alias/CVE-2021-21677
collector/github-advisory
agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/references
agent/last-modified-date
agent/author
agent/weakness
agent/severity
agent/first-publish-date
agent/event
agent/description
agent/trending
agent/source
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
collector/nvd-api
collector/nvd-cve
package-manager/maven
vendor/jenkins
canonical/jenkins code coverage api
version/jenkins code coverage api/1.4.0

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.