GHSA-p6qc-37hq-wqr6

GitHub Security Advisory

Remote code execution vulnerability in Jenkins Templating Engine Plugin

✓ GitHub Reviewed HIGH Has CVE

Jenkins Templating Engine Plugin 2.1 and earlier does not protect its pipeline configurations using Script Security Plugin.

This vulnerability allows attackers with Job/Configure permission to execute arbitrary code in the context of the Jenkins controller JVM.

Jenkins Templating Engine Plugin 2.2 integrates with Script Security Plugin to protect its pipeline configurations.

Maven org.jenkins-ci.plugins:templating-engine

Affected versions: 0 (fixed in 2.2)

CVE-2021-21646

GHSA ID

GHSA-p6qc-37hq-wqr6

Published

May 24, 2022 5:48 PM

Last Modified

October 27, 2023 2:24 PM

CVSS Score

7.5 /10

Primary Ecosystem

Maven

Primary Package

org.jenkins-ci.plugins:templating-engine

GitHub Reviewed

✓ Yes

Last updated: August 27, 2025 6:31 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.