High severity8.1NVD Advisory· Published Nov 12, 2021· Updated Jun 17, 2026
CVE-2021-43578
CVE-2021-43578
Description
Jenkins Squash TM Publisher (Squash4Jenkins) Plugin 1.0.0 and earlier implements an agent-to-controller message that does not implement any validation of its input, allowing attackers able to control agent processes to replace arbitrary files on the Jenkins controller file system with an attacker-controlled JSON string.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
org.jenkins-ci.plugins:squashtm-publisher-pluginMaven | <= 1.0.0 | — |
Affected products
2- Range: unspecified
Patches
Vulnerability mechanics
References
4- www.openwall.com/lists/oss-security/2021/11/12/1nvdMailing ListThird Party AdvisoryWEB
- github.com/advisories/GHSA-h648-gj34-5x4rghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2021-43578ghsaADVISORY
- www.jenkins.io/security/advisory/2021-11-12/nvdVendor AdvisoryWEB
News mentions
1- Jenkins Security Advisory 2021-11-12Jenkins Security Advisories · Nov 12, 2021