CVE-2021-21654

CWE-862Missing Authorization5 documents5 sources
Severity
4.3MEDIUM
EPSS
0.1%
top 74.90%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Jenkins Project Jenkins P4 PluginJenkins P4
Timeline
PublishedMay 11
Latest updateJun 16

Description

Jenkins P4 Plugin 1.11.4 and earlier does not perform permission checks in multiple HTTP endpoints, allowing attackers with Overall/Read permission to connect to an attacker-specified Perforce server using attacker-specified username and password.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages3 packages

CVEListV5jenkins_project/jenkins_p4_pluginunspecified1.11.4
NVDjenkins/p41.11.4

🔴Vulnerability Details

3
GHSA
Missing Authorization in Jenkins P4 plugin2021-06-16
OSV
Missing Authorization in Jenkins P4 plugin2021-06-16
CVEList
CVE-2021-21654: Jenkins P4 Plugin 12021-05-11

📋Vendor Advisories

1
Jenkins
Jenkins Security Advisory 2021-05-112021-05-11
CVE-2021-21654 (MEDIUM CVSS 4.3) | Jenkins P4 Plugin 1.11.4 and earlie | cvebase.io