CVE-2021-21647

2021-04-21T15:15:00
ID CVE-2021-21647
Type cve
Reporter jenkinsci-cert@googlegroups.com
Modified 2021-04-26T18:06:00

Description

Jenkins CloudBees CD Plugin 1.1.21 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Item/Read permission to schedule builds of projects without having Item/Build permission.