CVE-2021-21625
published 2021-03-18
Severity: medium, 4.3 (CVSS 3.1)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Jenkins CloudBees AWS Credentials Plugin 1.28 and earlier does not perform a permission check in a helper method for HTTP endpoints, allowing attackers with Overall/Read permission to enumerate credentials IDs of AWS credentials stored in Jenkins in some circumstances.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| jenkins | aws_credentials_plugin | — | — |
| jenkins | cloudbees_aws_credentials | <= 1.28 | — |
| jenkins | folders_plugin | — | — |
| jenkins | libvirt_agents_plugin | — | — |
| jenkins | matrix_authorization_strategy_plugin | — | — |
| jenkins | role-based_authorization_strategy_plugin | — | — |
| jenkins | warnings_plugin | — | — |
| jenkins_project | jenkins_cloudbees_aws_credentials_plugin | unspecified – 1.28 | — |