CVE-2021-21664
Published 2021-06-10
Severity: Medium, 6.5 (CVSS 3.1)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
An incorrect permission check in Jenkins XebiaLabs XL Deploy Plugin 10.0.1 and earlier allows attackers with Generic Create permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing Username/password credentials stored in Jenkins.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| jenkins | ids_in_kubernetes_cli_plugin | — | — |
| jenkins | ids_in_xebialabs_xl_deploy_plugin | — | — |
| jenkins | kiuwan_plugin | — | — |
| jenkins | kubernetes_cli_plugin | — | — |
| jenkins | xebialabs_xl_deploy | <= 10.0.1 | — |
| jenkins | xebialabs_xl_deploy_plugin | — | — |
| jenkins_project | jenkins_xebialabs_xl_deploy_plugin | >= 7.5.9 < unspecified | unspecified |
| jenkins_project | jenkins_xebialabs_xl_deploy_plugin | unspecified – 10.0.1 | — |