CVE-2021-21679
published 2021-08-31CVE-2021-21679: Jenkins Azure AD Plugin 179.vf6841393099e and earlier allows attackers to craft URLs that would bypass the CSRF protection of any target URL in Jenkins.
high8.8CVSS 3.1
AVNACLPRNUIRSUCHIHAH
Jenkins Azure AD Plugin 179.vf6841393099e and earlier allows attackers to craft URLs that would bypass the CSRF protection of any target URL in Jenkins.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| jenkins | azure_ad | 164.v5b48baa961d2 – 179.vf6841393099e | — |
| jenkins | code_coverage_plugin | — | — |
| jenkins | nested_view_plugin | — | — |
| jenkins | nomad_plugin | — | — |
| jenkins | saml_plugin | — | — |
| jenkins_project | jenkins_azure_ad_plugin | >= 164.v5b48baa961d2 < unspecified | unspecified |
| jenkins_project | jenkins_azure_ad_plugin | unspecified – 179.vf6841393099e | — |