EUVD-2022-5736

🗓️ 03 Oct 2025 20:07:09Reported by EUVDType

Jenkins Azure AD Plugin allows URL crafting to bypass CSRF protection in Jenkins

Reporter	Title	Published	Views	Family All 11
Circl	CVE-2021-21679	31 Aug 202118:33	–	circl
Tenable Nessus	Jenkins Enterprise and Operations Center < 2.249.32.0.2 / 2.277.41.0.2 / 2.303.1.6 Multiple Vulnerabilities (CloudBees Security Advisory 2021-08-31)	6 Oct 202100:00	–	nessus
CNNVD	Jenkins 安全漏洞	31 Aug 202100:00	–	cnnvd
CVE	CVE-2021-21679	31 Aug 202113:50	–	cve
Cvelist	CVE-2021-21679	31 Aug 202113:50	–	cvelist
Github Security Blog	Jenkins Azure AD Plugin allows bypassing CSRF protection for any URL	24 May 202219:12	–	github
NVD	CVE-2021-21679	31 Aug 202114:15	–	nvd
OSV	GHSA-X77R-7M5W-PQQ2 Jenkins Azure AD Plugin allows bypassing CSRF protection for any URL	24 May 202219:12	–	osv
Prion	Cross site request forgery (csrf)	31 Aug 202114:15	–	prion
Positive Technologies	PT-2021-14722 · Jenkins · Jenkins Azure Ad Plugin +1	31 Aug 202100:00	–	ptsecurity

[
  {
    "enisaIdVendor": [
      {
        "id": "15cbc1f0-2d38-3581-bb3d-e48a048cd696",
        "vendor": {
          "name": "Jenkins Project"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "7c25b879-156d-3469-8205-166df50089c9",
        "product": {
          "name": "Jenkins Azure AD Plugin"
        },
        "product_version": "unspecified ≤179.vf6841393099e"
      },
      {
        "id": "db97f19c-c0d6-3098-8bab-27ea4d90f536",
        "product": {
          "name": "Jenkins Azure AD Plugin"
        },
        "product_version": "164.v5b48baa961d2 <unspecified"
      }
    ]
  }
]

Source	Link
nvd	www.nvd.nist.gov/vuln/detail/CVE-2021-21679
github	www.github.com/jenkinsci/azure-ad-plugin/commit/8b1e80e6f242275127ebb177e2a755a2104b4853
github	www.github.com/jenkinsci/azure-ad-plugin
jenkins	www.jenkins.io/security/advisory/2021-08-31/
openwall	www.openwall.com/lists/oss-security/2021/08/31/1

03 Oct 2025 20:07Current

8.4High risk

Vulners AI Score8.4

CVSS 3.18.8

CVSS 26.8

EPSS0.00055