CVE-2021-21653

2021-05-1115:15:08

Google

osv.dev

jenkins xray

permission check

http endpoint

credential enumeration

software

AI Score

6.5

Confidence

High

EPSS

0.001

Percentile

22.0%

JSON

Jenkins Xray - Test Management for Jira Plugin 2.4.0 and earlier does not perform a permission check in an HTTP endpoint, allowing with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.

References

www.jenkins.io/security/advisory/2021-05-11/#SECURITY-2251%20%282%29