Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

CVE-2021-21674

UNKNOWN
Published 2021-06-30T16:45:22
Actions:

Expert Analysis

Professional remediation guidance

Get tailored security recommendations from our analyst team for CVE-2021-21674. We'll provide specific mitigation strategies based on your environment and risk profile.

No CVSS data available

Description

A missing permission check in Jenkins requests-plugin Plugin 2.2.6 and earlier allows attackers with Overall/Read permission to view the list of pending requests.

Available Exploits

No exploits available for this CVE.

Related News

No news articles found for this CVE.

Affected Products

Jenkins project

Jenkins requests-plugin Plugin

Affected Versions:

unspecified

GitHub Security Advisories

Community-driven vulnerability intelligence from GitHub

✓ GitHub Reviewed MODERATE

Missing permission check in Jenkins requests-plugin Plugin allows viewing pending requests

GHSA-c4c3-3cgh-vvrh

Advisory Details

Jenkins requests-plugin Plugin 2.2.6 and earlier does not perform a permission check in an HTTP endpoint. This allows attackers with Overall/Read permission to view the list of pending requests. Jenkins requests-plugin Plugin 2.2.7 requires Overall/Administer permission to view the list of pending requests. The previous sentence originally stated that Overall/Read permission was newly required. This statement was incorrect and has been fixed on 2021-07-05.

Affected Packages

Maven org.jenkins-ci.plugins:requests
ECOSYSTEM: ≥0 <2.2.7

CVSS Scoring

CVSS Score

5.0

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2021-21674
WEB https://github.com/jenkinsci/requests-plugin/commit/eb8ae816bbe734203debe323c578adc41baac5f4
PACKAGE https://github.com/jenkinsci/requests-plugin
WEB https://www.jenkins.io/security/advisory/2021-06-30/#SECURITY-1995
WEB http://www.openwall.com/lists/oss-security/2021/06/30/1

Advisory provided by GitHub Security Advisory Database. Published: May 24, 2022, Modified: October 27, 2023

References

https://www.jenkins.io/security/advisory/2021-06-30/#SECURITY-1995
http://www.openwall.com/lists/oss-security/2021/06/30/1
Published: 2021-06-30T16:45:22
Last Modified: 2024-08-03T18:23:28.263Z
Copied to clipboard!