CVE-2021-21674

CWE-862 — Missing Authorization5 documents5 sources

Severity

4.3MEDIUM

EPSS

0.1%

top 68.28%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Jenkins Project Jenkins Requests-plugin Plugin Jenkins Requests

Timeline

PublishedJun 30

Latest updateMay 24

Description

A missing permission check in Jenkins requests-plugin Plugin 2.2.6 and earlier allows attackers with Overall/Read permission to view the list of pending requests.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages3 packages

▶Mavenorg.jenkins-ci.plugins:requests< 2.2.7

▶CVEListV5jenkins_project/jenkins_requests-plugin_pluginunspecified — 2.2.6

▶NVDjenkins/requests2.2.6

🔴Vulnerability Details

GHSA

Missing permission check in Jenkins requests-plugin Plugin allows viewing pending requests↗2022-05-24

▶

OSV

Missing permission check in Jenkins requests-plugin Plugin allows viewing pending requests↗2022-05-24

▶

CVEList

CVE-2021-21674: A missing permission check in Jenkins requests-plugin Plugin 2↗2021-06-30

▶

📋Vendor Advisories

Jenkins

Jenkins Security Advisory 2021-06-30↗2021-06-30

▶