Home > Vulnerability Database > CVE-2021-43578

Mend.io Vulnerability Database

CVE-2021-43578

Date: November 12, 2021

Jenkins Squash TM Publisher (Squash4Jenkins) Plugin 1.0.0 and earlier implements an agent-to-controller message that does not implement any validation of its input, allowing attackers able to control agent processes to replace arbitrary files on the Jenkins controller file system with an attacker-controlled JSON string.

Language: Java

Severity Score

8.1

Related Resources (4)

Url: https://nvd.nist.gov/vuln/detail/CVE-2021-43578

Url: http://www.openwall.com/lists/oss-security/2021/11/12/1

Url: https://www.jenkins.io/security/advisory/2021-11-12/#SECURITY-2525

Url: https://www.mend.io/vulnerability-database/CVE-2021-43578

Severity Score

8.1

Weakness Type (CWE)

Protection Mechanism Failure

CWE-693

Insufficient Information

NVD-CWE-noinfo

CVSS v3.1

Base Score:	8.1
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	HIGH
Availability (A):	HIGH

CVSS v2

Base Score:	5.5
Access Vector (AV):	NETWORK
Access Complexity (AC):	LOW
Authentication (AU):	SINGLE
Confidentiality (C):	NONE
Integrity (I):	PARTIAL
Availability (A):	PARTIAL
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2021-43578

Date: November 12, 2021

Language: Java

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?