VYPR
High severity8.1NVD Advisory· Published Nov 12, 2021· Updated Jun 17, 2026

CVE-2021-43578

CVE-2021-43578

Description

Jenkins Squash TM Publisher (Squash4Jenkins) Plugin 1.0.0 and earlier implements an agent-to-controller message that does not implement any validation of its input, allowing attackers able to control agent processes to replace arbitrary files on the Jenkins controller file system with an attacker-controlled JSON string.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
org.jenkins-ci.plugins:squashtm-publisher-pluginMaven
<= 1.0.0

Affected products

2

Patches

Vulnerability mechanics

References

4

News mentions

1