CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

117 matches found

RedhatCVE•added 2021/04/21 4:44 p.m.•41 views

CVE-2021-21645

A flaw was found in the config-file-provider Jenkins plugin. The plugin does not perform permission checks in several HTTP endpoints, as a consequence an attacker with Overall/Read permission is allowed to enumerate configuration file IDs...

4.3CVSS0.7AI score0.00887EPSS

Exploits0References3

OSV•added 2021/04/21 3:15 p.m.•20 views

CVE-2021-21642

Jenkins Config File Provider Plugin 3.7.0 and earlier does not configure its XML parser to prevent XML external entity XXE attacks...

8.1CVSS6.5AI score

Exploits0References2

OSV•added 2021/04/21 3:15 p.m.•32 views

CVE-2021-21644

A cross-site request forgery CSRF vulnerability in Jenkins Config File Provider Plugin 3.7.0 and earlier allows attackers to delete configuration files corresponding to an attacker-specified ID...

5.4CVSS6.5AI score

Exploits0References2

OSV•added 2021/04/21 3:15 p.m.•21 views

CVE-2021-21645

Jenkins Config File Provider Plugin 3.7.0 and earlier does not perform permission checks in several HTTP endpoints, attackers with Overall/Read permission to enumerate configuration file IDs...

4.3CVSS6.4AI score

Exploits0References2

OSV•added 2021/04/21 3:15 p.m.•28 views

CVE-2021-21643

Jenkins Config File Provider Plugin 3.7.0 and earlier does not correctly perform permission checks in several HTTP endpoints, allowing attackers with global Job/Configure permission to enumerate system-scoped credentials IDs of credentials stored in Jenkins...

6.5CVSS6.2AI score

Exploits0References2

NVD•added 2021/04/21 3:15 p.m.•20 views

CVE-2021-21642

Jenkins Config File Provider Plugin 3.7.0 and earlier does not configure its XML parser to prevent XML external entity XXE attacks...

8.1CVSS0.3783EPSS

Exploits0References2

NVD•added 2021/04/21 3:15 p.m.•19 views

CVE-2021-21645

Jenkins Config File Provider Plugin 3.7.0 and earlier does not perform permission checks in several HTTP endpoints, attackers with Overall/Read permission to enumerate configuration file IDs...

4.3CVSS0.00887EPSS

Exploits0References2

NVD•added 2021/04/21 3:15 p.m.•23 views

CVE-2021-21643

6.5CVSS0.01082EPSS

Exploits0References2

NVD•added 2021/04/21 3:15 p.m.•20 views

CVE-2021-21644

A cross-site request forgery CSRF vulnerability in Jenkins Config File Provider Plugin 3.7.0 and earlier allows attackers to delete configuration files corresponding to an attacker-specified ID...

5.8CVSS0.01053EPSS

Exploits0References2

Prion•added 2021/04/21 3:15 p.m.•26 views

Design/Logic Flaw

4CVSS6.5AI score0.01082EPSS

Exploits0References2Affected Software1

Prion•added 2021/04/21 3:15 p.m.•28 views

Design/Logic Flaw

Jenkins Config File Provider Plugin 3.7.0 and earlier does not perform permission checks in several HTTP endpoints, attackers with Overall/Read permission to enumerate configuration file IDs...

4CVSS5.2AI score0.00887EPSS

Exploits0References2Affected Software1

Prion•added 2021/04/21 3:15 p.m.•23 views

Cross site request forgery (csrf)

A cross-site request forgery CSRF vulnerability in Jenkins Config File Provider Plugin 3.7.0 and earlier allows attackers to delete configuration files corresponding to an attacker-specified ID...

5.8CVSS6AI score0.01053EPSS

Exploits0References2Affected Software1

Cvelist•added 2021/04/21 2:20 p.m.•18 views

CVE-2021-21645

Jenkins Config File Provider Plugin 3.7.0 and earlier does not perform permission checks in several HTTP endpoints, attackers with Overall/Read permission to enumerate configuration file IDs...

5.7AI score0.00887EPSS

Exploits0References2

CVE•added 2021/04/21 2:20 p.m.•178 views

CVE-2021-21645

CVE-2021-21645 affects Jenkins with the Config File Provider Plugin 3.7.0 and earlier. The root cause is missing permission checks in several HTTP endpoints, enabling attackers with Overall/Read permission to enumerate configuration file IDs. This aligns with related advisories (GHSA-2959-FJ73-HM...

4.3CVSS4.6AI score0.00887EPSS

Exploits0References2Affected Software1

AlpineLinux•added 2021/04/21 2:20 p.m.•36 views

CVE-2021-21645

Jenkins Config File Provider Plugin 3.7.0 and earlier does not perform permission checks in several HTTP endpoints, attackers with Overall/Read permission to enumerate configuration file IDs...

4.3CVSS1.4AI score0.00887EPSS

Exploits0References2

Cvelist•added 2021/04/21 2:20 p.m.•21 views

CVE-2021-21644

A cross-site request forgery CSRF vulnerability in Jenkins Config File Provider Plugin 3.7.0 and earlier allows attackers to delete configuration files corresponding to an attacker-specified ID...

6.4AI score0.01053EPSS

Exploits0References2

CVE•added 2021/04/21 2:20 p.m.•172 views

CVE-2021-21644

Summary: CVE-2021-21644 affects Jenkins Config File Provider Plugin 3.7.0 and earlier. The vulnerability arises from an HTTP endpoint that does not require POST requests, enabling a CSRF attack to delete configuration files by attacker-specified IDs. The issue is addressed by upgrading to 3.7.1, ...

5.8CVSS5.6AI score0.01053EPSS

Exploits0References2Affected Software1

AlpineLinux•added 2021/04/21 2:20 p.m.•31 views

CVE-2021-21644

A cross-site request forgery CSRF vulnerability in Jenkins Config File Provider Plugin 3.7.0 and earlier allows attackers to delete configuration files corresponding to an attacker-specified ID...

5.8CVSS4.9AI score0.01053EPSS

Exploits0References2

CVE•added 2021/04/21 2:20 p.m.•187 views

CVE-2021-21642

CVE-2021-21642 affects Jenkins Config File Provider Plugin versions 3.7.0 and earlier. The root cause is that the plugin’s XML parser is not configured to prevent XML External Entity (XXE) attacks. The advisory notes that XXE can enable an attacker to exfiltrate secrets via crafted configuration ...

8.1CVSS7.8AI score0.3783EPSS

Exploits0References2Affected Software1

Cvelist•added 2021/04/21 2:20 p.m.•24 views

CVE-2021-21643

6.9AI score0.01082EPSS

Exploits0References2

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by