Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cvelistJenkinsCVELIST:CVE-2021-21632
HistoryMar 30, 2021 - 11:10 a.m.

CVE-2021-21632

2021-03-3011:10:35
jenkins
www.cve.org
2
jenkins
owasp dependency-track
permission check
cve-2021-21632
credentials capture

AI Score

6.8

Confidence

High

EPSS

0.001

Percentile

28.4%

JSON

A missing permission check in Jenkins OWASP Dependency-Track Plugin 3.1.0 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL, capturing credentials stored in Jenkins.

CNA Affected

[
  {
    "product": "Jenkins OWASP Dependency-Track Plugin",
    "vendor": "Jenkins project",
    "versions": [
      {
        "lessThan": "unspecified",
        "status": "affected",
        "version": "1.1.0",
        "versionType": "custom"
      },
      {
        "lessThanOrEqual": "3.1.0",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

Related

prion 1
nvd 1
osv 2
github 1
alpinelinux 1
cve 1
nessus 1
prion
prion
Information disclosure
2021-03-30 12:16:00
nvd
nvd
CVE-2021-21632
2021-03-30 12:16:10
osv
osv
CVE-2021-21632
2021-03-30 12:16:10
Missing permission checks in Jenkins OWASP Dependency-Track Plugin allow capturing credentials
2022-05-24 17:45:46
github
github
Missing permission checks in Jenkins OWASP Dependency-Track Plugin allow capturing credentials
2022-05-24 17:45:46
alpinelinux
alpinelinux
CVE-2021-21632
2021-03-30 12:16:10
cve
cve
CVE-2021-21632
2021-03-30 12:16:10
nessus
nessus
Jenkins Plugins Multiple Vulnerabilities (Jenkins Security Advisory 2021-03-30)
2021-11-30 00:00:00

AI Score

6.8

Confidence

High

EPSS

0.001

Percentile

28.4%

JSON
Related for CVELIST:CVE-2021-21632
prion1nvd1osv2github1alpinelinux1cve1nessus1