CVE-2021-21641

CWE-352Cross-Site Request Forgery (CSRF)5 documents5 sources
Severity
4.3MEDIUM
EPSS
0.5%
top 35.21%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Jenkins Project Jenkins Promoted Builds PluginJenkins Promoted Builds
Timeline
PublishedApr 7
Latest updateMay 24

Description

A cross-site request forgery (CSRF) vulnerability in Jenkins promoted builds Plugin 3.9 and earlier allows attackers to to promote builds.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages3 packages

CVEListV5jenkins_project/jenkins_promoted_builds_pluginunspecified3.9

🔴Vulnerability Details

3
OSV
CSRF vulnerability in Jenkins promoted builds Plugin2022-05-24
GHSA
CSRF vulnerability in Jenkins promoted builds Plugin2022-05-24
CVEList
CVE-2021-21641: A cross-site request forgery (CSRF) vulnerability in Jenkins promoted builds Plugin 32021-04-07

📋Vendor Advisories

1
Jenkins
Jenkins Security Advisory 2021-04-072021-04-07
CVE-2021-21641 (MEDIUM CVSS 4.3) | A cross-site request forgery (CSRF) | cvebase.io