Jenkins Security Advisory 2021-03-30
Affects plugin: Build With Parameters Affects plugin: Cloud Statistics Affects plugin: Extra Columns Affects plugin: Jabber (XMPP) notifier and control Affects plugin: OWASP Dependency-Track Affects plugin: REST List Parameter Affects plugin: Team Foundation Server
Details
Original advisory: https://www.jenkins.io/security/advisory/2021-03-30/
Exploitation outlook
EPSS (FIRST.org) estimates each CVE’s probability of exploitation in the next 30 days — here is the CSIRTS.com read on those numbers.
- Exploitation likely imminentCVE-2021-21628EPSS puts this in the most-targeted tier (81.9% 30-day exploitation probability). Prioritize alongside KEV items. Riskier than 100% of all scored CVEs.
- Low exploitation riskCVE-2021-216290.75% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 51% of all scored CVEs.
- Exploitation likely imminentCVE-2021-21630EPSS puts this in the most-targeted tier (72.4% 30-day exploitation probability). Prioritize alongside KEV items. Riskier than 99% of all scored CVEs.
- Low exploitation riskCVE-2021-216310.80% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 52% of all scored CVEs.
- Moderate exploitation riskCVE-2021-216321.1% 30-day exploitation probability. Patch within normal cadence, watch for KEV listing. Riskier than 60% of all scored CVEs.
- Low exploitation riskCVE-2021-216330.77% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 51% of all scored CVEs.
- Low exploitation riskCVE-2021-216340.81% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 52% of all scored CVEs.
- Moderate exploitation riskCVE-2021-216358.8% 30-day exploitation probability. Patch within normal cadence, watch for KEV listing. Riskier than 95% of all scored CVEs.
- Low exploitation riskCVE-2021-216360.79% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 52% of all scored CVEs.
- Low exploitation riskCVE-2021-216370.97% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 58% of all scored CVEs.
Referenced CVEs
| CVE | CSIRTS overview | External |
|---|---|---|
| CVE-2021-21628 | coverage & exploitation status | NVD · CVE.org |
| CVE-2021-21629 | coverage & exploitation status | NVD · CVE.org |
| CVE-2021-21630 | coverage & exploitation status | NVD · CVE.org |
| CVE-2021-21631 | coverage & exploitation status | NVD · CVE.org |
| CVE-2021-21632 | coverage & exploitation status | NVD · CVE.org |
| CVE-2021-21633 | coverage & exploitation status | NVD · CVE.org |
| CVE-2021-21634 | coverage & exploitation status | NVD · CVE.org |
| CVE-2021-21635 | coverage & exploitation status | NVD · CVE.org |
| CVE-2021-21636 | coverage & exploitation status | NVD · CVE.org |
| CVE-2021-21637 | coverage & exploitation status | NVD · CVE.org |
| CVE-2021-21638 | coverage & exploitation status | NVD · CVE.org |
More from Jenkins Security Advisories
- unknownJenkins Security Advisory 2026-06-242026-06-24
- unknownJenkins Security Advisory 2026-06-102026-06-10
- unknownJenkins Security Advisory 2026-05-272026-05-27
- unknownJenkins Security Advisory 2026-04-292026-04-29
- unknownJenkins Security Advisory 2026-03-182026-03-18