CVE-2021-21665

A cross-site request forgery CSRF vulnerability in Jenkins XebiaLabs XL Deploy Plugin 10.0.1 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing Username/password credentials stored in Jenkins...

Cross site request forgery (csrf)

A cross-site request forgery CSRF vulnerability in Jenkins XebiaLabs XL Deploy Plugin 10.0.1 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing Username/password credentials stored in Jenkins...

Default credentials

A missing permission check in Jenkins XebiaLabs XL Deploy Plugin 7.5.8 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing Username/password credentials stored in...

Information disclosure

A missing permission check in Jenkins XebiaLabs XL Deploy Plugin 10.0.1 and earlier allows attackers with Overall/Read permission to enumerate credentials ID of credentials stored in Jenkins...

CVE-2021-21665

A cross-site request forgery CSRF vulnerability in Jenkins XebiaLabs XL Deploy Plugin 10.0.1 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing Username/password credentials stored in Jenkins...

CVE-2021-21665

CVE-2021-21665 is a CSRF vulnerability in the Jenkins XebiaLabs XL Deploy Plugin (versions 10.0.1 and earlier). The issue allows an attacker to have the Jenkins server connect to an attacker-controlled URL using attacker-selected credential IDs, which can result in leakage of stored credentials (...

CVE-2021-21665

A cross-site request forgery CSRF vulnerability in Jenkins XebiaLabs XL Deploy Plugin 10.0.1 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing Username/password credentials stored in Jenkins...

CVE-2021-21663

A missing permission check in Jenkins XebiaLabs XL Deploy Plugin 7.5.8 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing Username/password credentials stored in...

CVE-2021-21663

CVE-2021-21663 affects the Jenkins XebiaLabs XL Deploy Plugin

CVE-2021-21664

CVE-2021-21664 affects the Jenkins XebiaLabs XL Deploy Plugin up to version 10.0.1, where an incorrect permission check allows attackers with Generic Create permission to connect to an attacker-specified URL using attacker-specified credentials IDs, enabling access to username/password credential...

CVE-2021-21664

An incorrect permission check in Jenkins XebiaLabs XL Deploy Plugin 10.0.1 and earlier allows attackers with Generic Create permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing Username/password credentials stored i...

CVE-2021-21664

An incorrect permission check in Jenkins XebiaLabs XL Deploy Plugin 10.0.1 and earlier allows attackers with Generic Create permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing Username/password credentials stored i...

CVE-2021-21663

A missing permission check in Jenkins XebiaLabs XL Deploy Plugin 7.5.8 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing Username/password credentials stored in...

CVE-2021-21662

A missing permission check in Jenkins XebiaLabs XL Deploy Plugin 10.0.1 and earlier allows attackers with Overall/Read permission to enumerate credentials ID of credentials stored in Jenkins...

CVE-2021-21662

Summary: CVE-2021-21662 affects Jenkins XebiaLabs XL Deploy Plugin (≤10.0.1). Root cause: missing permission check in a form-validation path permits attackers with Overall/Read to enumerate credentials IDs stored in Jenkins. Impact: information disclosure of credential identifiers; could enable c...

CVE-2021-21662

A missing permission check in Jenkins XebiaLabs XL Deploy Plugin 10.0.1 and earlier allows attackers with Overall/Read permission to enumerate credentials ID of credentials stored in Jenkins...

PT-2021-14706 · Xebialabs +1 · Jenkins Xebialabs Xl Deploy Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins XebiaLabs XL Deploy Plugin versions 7.5.8 and earlier Description: A missing permission check in the plugin allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs...

Jenkins 授权问题漏洞

Jenkins is a Jenkins open source application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying and automating any project. Jenkins XebiaLabs XL Deploy Plugin has an authorization issue vulnerability that stems from incorrect privilege checking ...

Jenkins 安全漏洞

Jenkins is a Jenkins open source application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying and automating any project. A security vulnerability exists in Jenkins XebiaLabs XL Deploy Plugin version 7.5.8 and earlier versions that allows an...

Jenkins 安全漏洞

Jenkins is a Jenkins open source application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying and automating any project. Jenkins XebiaLabs XL Deploy Plugin has a security vulnerability that stems from missing permission checks in Jenkins...