CVE-2021-21662: A missing permission check in Jenkins XebiaLabs XL Deploy Plugin 10.0.1 and earlier allows attackers with Overall/Read permission to enumerate credentials ID…

medium4.3CVSS 3.1

AVNACLPRLUINSUCLINAN

A missing permission check in Jenkins XebiaLabs XL Deploy Plugin 10.0.1 and earlier allows attackers with Overall/Read permission to enumerate credentials ID of credentials stored in Jenkins.

Affected

7 ranges

Vendor	Product	Version range	Fixed in
jenkins	ids_in_kubernetes_cli_plugin	—	—
jenkins	ids_in_xebialabs_xl_deploy_plugin	—	—
jenkins	kiuwan_plugin	—	—
jenkins	kubernetes_cli_plugin	—	—
jenkins	xebialabs_xl_deploy	<= 10.0.1	—
jenkins	xebialabs_xl_deploy_plugin	—	—
jenkins_project	jenkins_xebialabs_xl_deploy_plugin	unspecified – 10.0.1	—