CVE-2021-21643
published 2021-04-21CVE-2021-21643: Jenkins Config File Provider Plugin 3.7.0 and earlier does not correctly perform permission checks in several HTTP endpoints, allowing attackers with global…
PriorityP433medium6.5CVSS 3.1
AVNACLPRLUINSUCHINAN
EPSS
1.08%
61.0th percentile
Jenkins Config File Provider Plugin 3.7.0 and earlier does not correctly perform permission checks in several HTTP endpoints, allowing attackers with global Job/Configure permission to enumerate system-scoped credentials IDs of credentials stored in Jenkins.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| jenkins | cloudbees_cd_plugin | — | — |
| jenkins | config_file_provider | <= 3.7.0 | — |
| jenkins | config_file_provider_plugin | — | — |
| jenkins | ids_in_config_file_provider_plugin | — | — |
| jenkins | script_security_plugin | — | — |
| jenkins | templating_engine_plugin | — | — |
| jenkins_project | jenkins_config_file_provider_plugin | unspecified – 3.7.0 | — |
CVSS provenance
nvdv3.16.5MEDIUMCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
nvdv2.04.0MEDIUMAV:N/AC:L/Au:S/C:P/I:N/A:N
vendor_redhat6.5MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
OSV
Incorrect permission checks in Jenkins Config File Provider Plugin allow enumerating credentials IDs
osv·2022-05-24
CVE-2021-21643 [MEDIUM] Incorrect permission checks in Jenkins Config File Provider Plugin allow enumerating credentials IDs
Incorrect permission checks in Jenkins Config File Provider Plugin allow enumerating credentials IDs
Jenkins Config File Provider Plugin 3.7.0 and earlier does not correctly perform permission checks in several HTTP endpoints.
This allows attackers with global Job/Configure permission to enumerate system-scoped credentials IDs of credentials stored in Jenkins. Those can be used as part of an attack to capture the credentials using another vulnerability.
An enumeration of system-scoped credentials IDs in Jenkins Config File Provider Plugin 3.7.1 requires Overall/Administer permission.
GHSA
Incorrect permission checks in Jenkins Config File Provider Plugin allow enumerating credentials IDs
ghsa·2022-05-24
CVE-2021-21643 [MEDIUM] CWE-863 Incorrect permission checks in Jenkins Config File Provider Plugin allow enumerating credentials IDs
Incorrect permission checks in Jenkins Config File Provider Plugin allow enumerating credentials IDs
Jenkins Config File Provider Plugin 3.7.0 and earlier does not correctly perform permission checks in several HTTP endpoints.
This allows attackers with global Job/Configure permission to enumerate system-scoped credentials IDs of credentials stored in Jenkins. Those can be used as part of an attack to capture the credentials using another vulnerability.
An enumeration of system-scoped credentials IDs in Jenkins Config File Provider Plugin 3.7.1 requires Overall/Administer permission.
Jenkins
Jenkins Security Advisory 2021-04-21
vendor_jenkins·2021-04-21·CVSS 8.1
CVE-2021-21642 [HIGH] Jenkins Security Advisory 2021-04-21
Title: Jenkins Security Advisory 2021-04-21
Jenkins Security Advisory 2021-04-21
Jenkins Security Home
For Administrators
Overview
Terminology
Vulnerabilities and Scoring
Security Advisories
Security Issues
Advisory Schedule
Vulnerabilities in Plugins
How We Fix Security Issues
For Reporters
Reporting Vulnerabilities
Jenkins CNA
For Maintainers
Overview
Vulnerabilities in Plugins
Jenkins Security Team
About
Contributions
This advisory announces vulnerabilities in the following Jenkins deliverables:
CloudBees CD
Plugin
Config File Provider
Plugin
Templating Engine
Plugin
Descriptions
XXE vulnerability in Config File Provider Plugin
SECURITY-2204
/
CVE-2021-21642
Severity
Red Hat
jenkins-2-plugins/config-file-provider: Does not correctly perform permission checks in several HTTP endpoints.
vendor_redhat·2021-04-21·CVSS 6.5
CVE-2021-21643 [MEDIUM] CWE-281 jenkins-2-plugins/config-file-provider: Does not correctly perform permission checks in several HTTP endpoints.
jenkins-2-plugins/config-file-provider: Does not correctly perform permission checks in several HTTP endpoints.
Jenkins Config File Provider Plugin 3.7.0 and earlier does not correctly perform permission checks in several HTTP endpoints, allowing attackers with global Job/Configure permission to enumerate system-scoped credentials IDs of credentials stored in Jenkins.
A flaw was found in the config-file-provider Jenkins plugin. The plugin does not correctly perform permission checks in several HTTP endpoints, as a consequence an attacker with global Job/Configure permission can enumerate system-scoped credentials IDs of credentials stored in Jenkins.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2021-04-21
Published