Lucene search

K
cvelistJenkinsCVELIST:CVE-2021-21626
HistoryMar 18, 2021 - 1:35 p.m.

CVE-2021-21626

2021-03-1813:35:24
jenkins
www.cve.org

5.2 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

22.1%

Jenkins Warnings Next Generation Plugin 8.4.4 and earlier does not perform a permission check in methods implementing form validation, allowing attackers with Item/Read permission but without Item/Workspace or Item/Configure permission to check whether attacker-specified file patterns match workspace contents.

CNA Affected

[
  {
    "product": "Jenkins Warnings Next Generation Plugin",
    "vendor": "Jenkins project",
    "versions": [
      {
        "lessThanOrEqual": "8.4.4",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      },
      {
        "status": "unaffected",
        "version": "8.4.3.1"
      }
    ]
  }
]

5.2 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

22.1%

Related for CVELIST:CVE-2021-21626