Vulnerability DatabaseCVE-2021-33195

CVE-2021-33195:
Jenkins vulnerability analysis and mitigation

Overview

Go before 1.15.13 and 1.16.x before 1.16.5 has functions for DNS lookups that do not validate replies from DNS servers, and thus a return value may contain an unsafe injection (e.g., XSS) that does not conform to the RFC1035 format. The vulnerability was discovered and disclosed in June 2021 (Golang Announce).

Technical details

The vulnerability affects the LookupCNAME, LookupSRV, LookupMX, LookupNS, and LookupAddr functions in the net package and their respective methods on the Resolver type. These functions may return arbitrary values retrieved from DNS that do not follow the established RFC 1035 rules for domain names. The vulnerability has been assigned a CVSS v3.1 base score of 7.3 (High) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L (NVD).

Impact

If the unvalidated DNS responses are used without proper sanitization, particularly when included in HTML content, they could allow for injection of unexpected content. This could lead to disclosure of sensitive information, addition or modification of data, or Denial of Service (DoS) (NetApp Advisory).

Mitigation and workarounds

Users should upgrade to Go version 1.15.13 or 1.16.5 or later versions which contain the security fix. For systems using Gentoo, users should upgrade to dev-lang/go version 1.18.5 or later (Gentoo Advisory).

Additional resources

Source: This report was generated using AI

View vulnerable instances

Not a Wiz customer? See which CVEs are exploitable in your environment.

Get a CVE Assessment

7.3

Score

Published August 2, 2021

Severity HIGH

CNA Score N/A

Affected Technologies

Jenkins
Grafana

Has Public Exploit Yes

Has CISA KEV Exploit No

CISA KEV Release Date N/A

CISA KEV Due Date N/A

Exploitation Probability Percentile (EPSS) 8.6

Exploitation Probability (EPSS) N/A

Affected packages and libraries

openshift4::ose-csi-external-snapshotter@sha256:c8dece4945fc85e8a151ceaeb00c67874114b9871be4c8b553a76c95a56c4798_s390x
openshift4::ose-etcd@sha256:9dede55707c223db5bbe250c1f24e1a7af5c35932471a23df604b649e85b11f0_s390x

Sources

AlmaLinux Security Advisory
- AlmaLinux 8 Severity MEDIUMHas FixAdded at: Jul 20, 2022
- AlmaLinux 9 Severity MEDIUMHas FixAdded at: Nov 19, 2022
Alpine Security Tracker
- Alpine 3.10, 3.11, 3.12 Severity HIGHNo FixAdded at: Nov 18, 2025
- Alpine 3.13, 3.14 Severity HIGHHas FixAdded at: Nov 23, 2021
- Alpine 3.15 Severity HIGHHas FixAdded at: Nov 25, 2021
- Alpine 3.16 Severity HIGHHas FixAdded at: May 24, 2022
- Alpine 3.17 Severity HIGHHas FixAdded at: Nov 23, 2022
- Alpine 3.18 Severity HIGHHas FixAdded at: May 10, 2023
- Alpine 3.19 Severity HIGHHas FixAdded at: Dec 10, 2023
- Alpine 3.20 Severity HIGHHas FixAdded at: May 26, 2024
- Alpine 3.21 Severity HIGHHas FixAdded at: Dec 08, 2024
- Alpine 3.22 Severity HIGHHas FixAdded at: Jun 01, 2025
- Alpine 3.23 Severity HIGHHas FixAdded at: Dec 04, 2025
- Alpine edge Severity HIGHHas FixAdded at: Jun 19, 2023
CBL-Mariner
- CBL-Mariner 3.0 Severity HIGHHas FixAdded at: May 04, 2025
Debian Security Tracker
- Debian 9, 10 Severity MEDIUMNo FixAdded at: Mar 28, 2022
- Debian 11 Severity MEDIUMHas FixAdded at: Nov 23, 2021
Gentoo Advisory Database
- Gentoo Severity HIGHHas FixAdded at: Aug 04, 2022
Homebrew
- Homebrew Severity HIGHHas FixAdded at: Feb 12, 2024
Nix
- Nix Severity HIGHHas FixAdded at: Oct 13, 2023
Photon Security Advisory
- Photon 1.0 Severity HIGHHas FixAdded at: May 21, 2022
- Photon 2.0 Severity HIGHHas FixAdded at: Dec 11, 2021
- Photon 3.0 Severity HIGHHas FixAdded at: Nov 23, 2021
Red Hat Errata
- Red Hat 7 Severity MEDIUMNo FixAdded at: Nov 23, 2021
- Red Hat 8 Severity MEDIUMHas FixAdded at: Nov 23, 2021
- Red Hat 9 Severity MEDIUMHas FixAdded at: Sep 06, 2022
- Red Hat CoreOS 4 Severity MEDIUMHas FixAdded at: Jan 15, 2023
Rocky Linux Product Errata
- Rocky 8 Severity MEDIUMHas FixAdded at: Dec 07, 2025
NVD
- Linux Severity HIGHHas FixAdded at: Oct 13, 2023
- Windows Severity HIGHHas FixAdded at: Mar 10, 2022

Get a CVE risk assessment

Get a prioritized view of CVEs in your cloud—so you can focus on what's exploitable, not just what's listed.

Request assessment

Related Jenkins vulnerabilities:

CVE ID	Severity	Score	Technologies	Component name	CISA KEV exploit	Has fix	Published date
CVE-2025-41249	HIGH	7.5	Jenkins	pki-deps:10.6::resteasy	No	Yes	Sep 16, 2025
CVE-2025-41248	HIGH	7.5	Jenkins	jenkins-2	No	Yes	Sep 16, 2025
CVE-2025-59476	MEDIUM	5.3	Java	cpe:2.3:a:jenkins:jenkins	No	Yes	Sep 17, 2025
CVE-2025-59474	MEDIUM	5.3	Java	cpe:2.3:a:jenkins:jenkins:::::lts:::*	No	Yes	Sep 17, 2025
CVE-2025-59475	MEDIUM	4.3	Java	org.jenkins-ci.main:jenkins-core	No	Yes	Sep 17, 2025

Free Vulnerability Assessment

Benchmark your Cloud Security Posture

Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.

Request assessment

Additional Wiz resources

Cloud Vulnerability DB

A community-led vulnerabilities database

Cloud Threat Landscape

A threat intelligence database

PEACH

A tenant isolation framework

Get a personalized demo

Ready to see Wiz in action?

"Best User Experience I have ever seen, provides full visibility to cloud workloads."

David EstlickCISO

"Wiz provides a single pane of glass to see what is going on in our cloud environments."

Adam FletcherChief Security Officer

"We know that if Wiz identifies something as critical, it actually is."

Greg PoniatowskiHead of Threat and Vulnerability Management

Get a demo

CVE-2021-33195: Jenkins vulnerability analysis and mitigation