CVE-2021-21696 Overview
CVE-2021-21696 is a critical vulnerability in Jenkins automation server that allows attackers controlling agent processes to execute unsandboxed code in the Jenkins controller. The flaw exists because Jenkins does not restrict agent read/write access to the libs/ directory inside build directories when using the FilePath APIs. Attackers can replace the code of a trusted library with a modified variant, leading to arbitrary code execution within the trusted controller process. Jenkins 2.318 and earlier, along with LTS 2.303.2 and earlier, are affected.
Critical Impact
Compromised or malicious Jenkins agents can replace trusted library code and achieve unsandboxed code execution on the Jenkins controller, leading to full CI/CD pipeline compromise.
Affected Products
- Jenkins weekly releases 2.318 and earlier
- Jenkins LTS 2.303.2 and earlier
- Jenkins controllers using FilePath APIs with untrusted agents
Discovery Timeline
- 2021-11-04 - Jenkins publishes Security Advisory SECURITY-2423 with patched releases
- 2021-11-04 - CVE-2021-21696 published to NVD
- 2024-11-21 - Last updated in NVD database
Technical Details for CVE-2021-21696
Vulnerability Analysis
The vulnerability resides in how Jenkins handles file operations between agents and the controller. Jenkins uses the FilePath API to perform file system operations across the controller-agent boundary. The controller copies trusted libraries into the libs/ directory of each build directory for execution. The FilePath API does not restrict agent processes from reading or writing to this libs/ directory. An attacker who controls an agent process can overwrite library files before the controller loads them. Because these libraries execute in the controller's trusted context, they run outside the Groovy sandbox.
Root Cause
The root cause is missing access control on agent-initiated file operations targeting the libs/ subdirectory of build directories. Jenkins assumed agents had no legitimate need to access this path but did not enforce that restriction in the FilePath APIs. This results in a trust boundary violation between agent processes and the controller.
Attack Vector
An attacker first needs to control a Jenkins agent process, which can occur through compromised build nodes, malicious build scripts running on agents, or attacker-controlled agent hosts. The attacker then uses the FilePath API surface exposed to the agent to write modified Java class files or JARs into the build's libs/ directory. When the controller loads or invokes these libraries during build orchestration, the attacker-supplied code executes in the controller process with full Jenkins privileges, bypassing the Groovy sandbox entirely. See the Jenkins Security Advisory SECURITY-2423 for further technical details.
Detection Methods for CVE-2021-21696
Indicators of Compromise
- Unexpected file writes from agent processes targeting the libs/ subdirectory inside Jenkins build directories
- Modification timestamps on files in $JENKINS_HOME/jobs/*/builds/*/libs/ that do not match controller-initiated build setup
- Unusual child processes spawned by the Jenkins controller process following agent communication
- Outbound network connections from the Jenkins controller to attacker infrastructure during or after builds
Detection Strategies
- Monitor file integrity on the Jenkins controller's build directory tree, especially libs/ paths, for writes originating from remoting channels
- Audit Jenkins controller logs for unexpected class loading events or Groovy execution outside the sandbox
- Correlate agent connection events with subsequent file modifications and process activity on the controller host
Monitoring Recommendations
- Enable Jenkins audit logging and forward events to a centralized SIEM for correlation with host telemetry
- Track Jenkins controller process behavior including child process creation, file system writes, and outbound network traffic
- Alert on any deviation from baseline behavior for the Jenkins controller user account
How to Mitigate CVE-2021-21696
Immediate Actions Required
- Upgrade Jenkins weekly to version 2.319 or later
- Upgrade Jenkins LTS to version 2.303.3 or later
- Audit existing agents and build nodes for signs of compromise before applying the patch
- Restrict which users and projects can configure agents and run builds on shared infrastructure
Patch Information
Jenkins addressed the issue in weekly release 2.319 and LTS release 2.303.3 by limiting agent read/write access to the libs/ directory inside build directories when using the FilePath APIs. The fix and full details are documented in the Jenkins Security Advisory SECURITY-2423 and the corresponding Openwall OSS Security discussion.
Workarounds
- Isolate Jenkins agents into dedicated network segments and treat them as untrusted
- Avoid running builds from untrusted sources on agents that share infrastructure with sensitive projects
- Use ephemeral, single-use build agents to limit the window for agent-side attacker persistence
- Apply principle of least privilege to the Jenkins controller service account to reduce blast radius
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
