CVE-2021-21645

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2021-21645

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-21645.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2021-21645

Aliases

GHSA-2959-fj73-hm8p

Related

Published

2021-04-21T15:15:08Z

Modified

2024-09-03T03:40:41.682403Z

Severity

4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVSS Calculator

Summary

[none]

Details

Jenkins Config File Provider Plugin 3.7.0 and earlier does not perform permission checks in several HTTP endpoints, attackers with Overall/Read permission to enumerate configuration file IDs.

References

Affected packages

Git / github.com/jenkinsci/config-file-provider-plugin

Affected ranges

Type: GIT
Repo: https://github.com/jenkinsci/config-file-provider-plugin
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

90fe08fa90d2d1110d745fda887206c590d5c4a1

Affected versions

2.*

2.8.1

config-file-provider-1.*

config-file-provider-1.0

config-file-provider-1.1

config-file-provider-1.2

config-file-provider-1.4

config-file-provider-1.5

config-file-provider-1.6

config-file-provider-1.6.1

config-file-provider-1.9.1

config-file-provider-2.*

config-file-provider-2.0

config-file-provider-2.1

config-file-provider-2.1.1

config-file-provider-2.10.0

config-file-provider-2.10.1

config-file-provider-2.11

config-file-provider-2.12

config-file-provider-2.13

config-file-provider-2.14-beta

config-file-provider-2.14.1-beta

config-file-provider-2.14.2-beta

config-file-provider-2.15

config-file-provider-2.15.1

config-file-provider-2.15.2-beta

config-file-provider-2.15.3

config-file-provider-2.15.3-beta

config-file-provider-2.15.4

config-file-provider-2.15.5

config-file-provider-2.15.6

config-file-provider-2.15.7

config-file-provider-2.16.0

config-file-provider-2.16.1

config-file-provider-2.16.2

config-file-provider-2.16.3

config-file-provider-2.16.4

config-file-provider-2.17

config-file-provider-2.18

config-file-provider-2.2.1

config-file-provider-2.3

config-file-provider-2.4

config-file-provider-2.5

config-file-provider-2.5.1

config-file-provider-2.6

config-file-provider-2.6.1

config-file-provider-2.6.2

config-file-provider-2.7

config-file-provider-2.7.1

config-file-provider-2.7.2

config-file-provider-2.7.3

config-file-provider-2.7.4

config-file-provider-2.7.5

config-file-provider-2.9.1

config-file-provider-2.9.2

config-file-provider-2.9.3

config-file-provider-3.*

config-file-provider-3.0

config-file-provider-3.1

config-file-provider-3.2

config-file-provider-3.3

config-file-provider-3.4

config-file-provider-3.4.1

config-file-provider-3.5

config-file-provider-3.6

config-file-provider-3.6.1

config-file-provider-3.6.2

config-file-provider-3.6.3

config-file-provider-3.7.0

config-provider-model-1.*

config-provider-model-1.0

config-provider-model-1.1

config-provider-model-1.2

config-provider-model-1.3

config-provider-model-1.3.1

config-provider-model-1.3.2

config-provider-model-1.3.3

config-provider-model-1.3.4