CVE-2021-21626
published 2021-03-18
Medium, 4.3 (CVSS 3.1)
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Jenkins Warnings Next Generation Plugin 8.4.4 and earlier does not perform a permission check in methods implementing form validation, allowing attackers with Item/Read permission but without Item/Workspace or Item/Configure permission to check whether attacker-specified file patterns match workspace contents.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| jenkins | aws_credentials_plugin | — | — |
| jenkins | folders_plugin | — | — |
| jenkins | libvirt_agents_plugin | — | — |
| jenkins | matrix_authorization_strategy_plugin | — | — |
| jenkins | role-based_authorization_strategy_plugin | — | — |
| jenkins | warnings_next_generation | <= 8.4.4 | — |
| jenkins | warnings_plugin | — | — |
| jenkins_project | jenkins_warnings_next_generation_plugin | unspecified – 8.4.4 | — |