PT-2021-14725 · Jenkins · Jenkins

Daniel Beck +2

Published: 2021-10-06
Updated: 2024-03-06

CVE-2021-21682

CVSS v3.1: 6.3 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Name of the Vulnerable Software and Affected Versions
Jenkins versions 2.314 and earlier
Jenkins LTS versions 2.303.1 and earlier

Description
Jenkins accepts names of jobs and other entities that end with a dot character. On Windows, a file or folder whose name ends with a trailing dot is treated as if that character were not present: a directory named "example." is the same directory as "example". A user with the permissions needed to create jobs or other entities can therefore create an entity whose on-disk location coincides with that of an existing entity, and in doing so change or replace the configuration and data of that existing entity.

Recommendations
For Jenkins versions 2.314 and earlier, update to version 2.315 or later. For Jenkins LTS versions 2.303.1 and earlier, update to version 2.303.2 or later. As a temporary workaround, restrict the creation of jobs and other entities whose names could conflict with existing ones, in particular names ending with a dot character, on Jenkins instances running on Windows.
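The aliasing described above can be checked for on the defender's side, both when a new name is proposed and when auditing names that already exist. The following is an added example, not code from Jenkins or from this advisory; it assumes each entity is stored in a directory named after it, and it models Windows naming rules slightly more broadly than the advisory's trailing-dot case (trailing dots and spaces are stripped, and matching is case-insensitive).

```python
from __future__ import annotations
import re

# Windows strips trailing '.' and ' ' from a path component before using it,
# so "example." and "example" name the same directory. NTFS is also
# case-insensitive by default, hence the casefold() below.
_TRAILING = re.compile(r"[. ]+$")


def windows_canonical(name: str) -> str:
    """Return the name under which Windows would actually store `name`."""
    return _TRAILING.sub("", name).casefold()


def has_trailing_dot_or_space(name: str) -> bool:
    """True if Windows would silently rewrite this name when creating it."""
    return bool(_TRAILING.search(name))


def check_new_entity_name(candidate: str, existing: list[str]) -> tuple[bool, str]:
    """Decide whether `candidate` may be created alongside `existing` names.

    Rejects names Windows would rewrite, and names whose stored form would
    alias the directory of an existing entity. Returns (ok, reason).
    """
    if has_trailing_dot_or_space(candidate):
        return False, "name ends with '.' or ' ', which Windows strips"
    canon = windows_canonical(candidate)
    for other in existing:
        if other == candidate:
            return False, f"an entity named {candidate!r} already exists"
        if windows_canonical(other) == canon:
            return False, f"would share its on-disk directory with {other!r}"
    return True, "ok"


def find_colliding_groups(existing: list[str]) -> dict[str, list[str]]:
    """Audit helper: group existing names that map to one Windows directory."""
    groups: dict[str, list[str]] = {}
    for name in existing:
        groups.setdefault(windows_canonical(name), []).append(name)
    return {key: names for key, names in groups.items() if len(names) > 1}


if __name__ == "__main__":
    # Constructed sample of entity names on a hypothetical Windows instance.
    jobs = ["build", "build.", "deploy", "Deploy ", "release"]
    print(find_colliding_groups(jobs))
    print(check_new_entity_name("release.", jobs))
```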

Fix

Weakness Enumeration

Related Identifiers

BIT-JENKINS-2021-21682
CVE-2021-21682
GHSA-6Q4G-84F3-MW74

Affected Products

Jenkins