{"id":"CVE-2021-21671","details":"Jenkins 2.299 and earlier, LTS 2.289.1 and earlier does not invalidate the previous session on login.","aliases":["BIT-jenkins-2021-21671","GHSA-4wr9-2xc6-jmg5"],"modified":"2026-04-10T04:29:46.989874Z","published":"2021-06-30T17:15:08.987Z","references":[{"type":"ADVISORY","url":"https://www.jenkins.io/security/advisory/2021-06-30/#SECURITY-2371"},{"type":"ADVISORY","url":"http://www.openwall.com/lists/oss-security/2021/06/30/1"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/jenkinsci/jenkins","events":[{"introduced":"abbb02568178cc072ada2f438c0ec446dbd48633"},{"fixed":"21bfcc6c61c2c41af07aa0fda29ee343ac2b70ed"},{"introduced":"a22f822b74a28d4100a6cf402df0855d7c92d1a3"},{"fixed":"285a2536a96152a0e66ad0cc8cef9128094aa581"}],"database_specific":{"versions":[{"introduced":"2.266"},{"fixed":"2.300"},{"introduced":"2.277.1"},{"fixed":"2.289.2"}]}}],"versions":["jenkins-2.266","jenkins-2.267","jenkins-2.268","jenkins-2.269","jenkins-2.270","jenkins-2.271","jenkins-2.272","jenkins-2.273","jenkins-2.274","jenkins-2.276","jenkins-2.277","jenkins-2.278","jenkins-2.279","jenkins-2.280","jenkins-2.281","jenkins-2.282","jenkins-2.283","jenkins-2.284","jenkins-2.285","jenkins-2.286","jenkins-2.287","jenkins-2.288","jenkins-2.289","jenkins-2.289.1","jenkins-2.289.2-rc","jenkins-2.290","jenkins-2.291","jenkins-2.292","jenkins-2.293","jenkins-2.294","jenkins-2.295","jenkins-2.296","jenkins-2.297","jenkins-2.298","jenkins-2.299"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-21671.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}]}