CVE-2021-21629
Published: 2021-03-30
Priority P335 · high · 8.8 (CVSS 3.1)
Vector: AV:N / AC:L / PR:N / UI:R / S:U / C:H / I:H / A:H
EPSS: 0.75% (50.3th percentile)
A cross-site request forgery (CSRF) vulnerability in Jenkins Build With Parameters Plugin 1.5 and earlier allows attackers to build a project with attacker-specified parameters.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| jenkins | build_with_parameters | <= 1.5 | — |
| jenkins | build_with_parameters_plugin | — | — |
| jenkins | cloud_statistics_plugin | — | — |
| jenkins | extra_columns_plugin | — | — |
| jenkins | owasp_dependency-track_plugin | — | — |
| jenkins | rest_list_parameter_plugin | — | — |
| jenkins | team_foundation_server_plugin | — | — |
| jenkins_project | jenkins_build_with_parameters_plugin | unspecified – 1.5 | — |
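CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |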
GHSA
CSRF vulnerability in Jenkins Build With Parameters Plugin
ghsa·2022-05-24
CVE-2021-21629 [HIGH] CWE-352 CSRF vulnerability in Jenkins Build With Parameters Plugin
Jenkins Build With Parameters Plugin 1.5 and earlier does not require POST requests for its form submission endpoint, resulting in a cross-site request forgery (CSRF) vulnerability.
This vulnerability allows attackers to build a project with attacker-specified parameters. Build With Parameters Plugin 1.5.1 requires POST requests for the affected HTTP endpoint.
OSV
CSRF vulnerability in Jenkins Build With Parameters Plugin
osv·2022-05-24
CVE-2021-21629 [HIGH] CSRF vulnerability in Jenkins Build With Parameters Plugin
Jenkins
Jenkins Security Advisory 2021-03-30
vendor_jenkins·2021-03-30·CVSS 5.4
CVE-2021-21628 [MEDIUM] Jenkins Security Advisory 2021-03-30
This advisory announces vulnerabilities in the following Jenkins deliverables:
Build With Parameters Plugin
Cloud Statistics Plugin
Extra Columns Plugin
Jabber (XMPP) notifier and control Plugin
OWASP Dependency-Track Plugin
REST List Parameter Pl
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.