CVE-2021-21655

CWE-352 — Cross-Site Request Forgery (CSRF)5 documents5 sources

Severity

7.1HIGH

EPSS

0.2%

top 61.31%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Jenkins Project Jenkins P4 Plugin Jenkins P4

Timeline

PublishedMay 11

Latest updateMar 18

Description

A cross-site request forgery (CSRF) vulnerability in Jenkins P4 Plugin 1.11.4 and earlier allows attackers to connect to an attacker-specified Perforce server using attacker-specified username and password.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:NExploitability: 2.8 | Impact: 4.2

Affected Packages3 packages

▶Mavenorg.jenkins-ci.plugins:p4< 1.11.5

▶CVEListV5jenkins_project/jenkins_p4_pluginunspecified — 1.11.4

▶NVDjenkins/p41.11.4

🔴Vulnerability Details

GHSA

Cross-Site Request Forgery in Jenkins P4 Plugin↗2022-03-18

▶

OSV

Cross-Site Request Forgery in Jenkins P4 Plugin↗2022-03-18

▶

CVEList

CVE-2021-21655: A cross-site request forgery (CSRF) vulnerability in Jenkins P4 Plugin 1↗2021-05-11

▶

📋Vendor Advisories

Jenkins

Jenkins Security Advisory 2021-05-11↗2021-05-11

▶