CVE-2021-21633

🗓️ 30 Mar 2021 11:10:36Reported by jenkinsType

cve🔗 web.nvd.nist.gov📰️ 2 Media mentions👁 77 Views

A CSRF vulnerability in Jenkins OWASP Dependency-Track Plugin 3.1.0 and earlier allows attackers to capture credentials

Reporter	Title	Published	Views	Family All 14
AlpineLinux	CVE-2021-21633	30 Mar 202111:10	–	alpinelinux
CNNVD	Jenkins OWASP Dependency-Track 跨站请求伪造漏洞	30 Mar 202100:00	–	cnnvd
CNVD	CloudBees Jenkins OWASP Dependency-Track Plugin Cross-Site Request Forgery Vulnerability	31 Mar 202100:00	–	cnvd
Cvelist	CVE-2021-21633	30 Mar 202111:10	–	cvelist
EUVD	EUVD-2022-5312	3 Oct 202520:07	–	euvd
Github Security Blog	CSRF vulnerability and in Jenkins OWASP Dependency-Track Plugin allow capturing credentials	24 May 202217:45	–	github
Tenable Nessus	Jenkins Plugins Multiple Vulnerabilities (Jenkins Security Advisory 2021-03-30)	30 Nov 202100:00	–	nessus
NVD	CVE-2021-21633	30 Mar 202112:16	–	nvd
OSV	GHSA-V7XH-H48C-XW5F CSRF vulnerability and in Jenkins OWASP Dependency-Track Plugin allow capturing credentials	24 May 202217:45	–	osv
Prion	Cross site request forgery (csrf)	30 Mar 202112:16	–	prion

NVD

Node

jenkins owasp_dependency-trackRange≤3.1.0jenkins

[
  {
    "product": "Jenkins OWASP Dependency-Track Plugin",
    "vendor": "Jenkins project",
    "versions": [
      {
        "lessThan": "unspecified",
        "status": "affected",
        "version": "1.1.0",
        "versionType": "custom"
      },
      {
        "lessThanOrEqual": "3.1.0",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
jenkins	www.jenkins.io/security/advisory/2021-03-30/
openwall	www.openwall.com/lists/oss-security/2021/03/30/1

21 Nov 2024 05:48Current

8.6High risk

Vulners AI Score8.6

CVSS 26.8

CVSS 3.18.8

EPSS0.00074

SSVC

CWE-352