CVE-2021-21663
published 2021-06-10CVE-2021-21663: A missing permission check in Jenkins XebiaLabs XL Deploy Plugin 7.5.8 and earlier allows attackers with Overall/Read permission to connect to an…
medium4.3CVSS 3.1
AVNACLPRLUINSUCLINAN
A missing permission check in Jenkins XebiaLabs XL Deploy Plugin 7.5.8 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing Username/password credentials stored in Jenkins.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| jenkins | ids_in_kubernetes_cli_plugin | — | — |
| jenkins | ids_in_xebialabs_xl_deploy_plugin | — | — |
| jenkins | kiuwan_plugin | — | — |
| jenkins | kubernetes_cli_plugin | — | — |
| jenkins | xebialabs_xl_deploy | <= 7.5.8 | — |
| jenkins | xebialabs_xl_deploy_plugin | — | — |
| jenkins_project | jenkins_xebialabs_xl_deploy_plugin | >= 7.5.6 < unspecified | unspecified |
| jenkins_project | jenkins_xebialabs_xl_deploy_plugin | unspecified – 7.5.8 | — |