CVE-2021-21674

A missing permission check in Jenkins requests-plugin Plugin 2.2.6 and earlier allows attackers with Overall/Read permission to view the list of pending requests...

Code injection

Jenkins requests-plugin Plugin 2.2.7 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to send test emails to an attacker-specified email address...

Information disclosure

A missing permission check in Jenkins requests-plugin Plugin 2.2.6 and earlier allows attackers with Overall/Read permission to view the list of pending requests...

Cross site request forgery (csrf)

A cross-site request forgery CSRF vulnerability in Jenkins requests-plugin Plugin 2.2.12 and earlier allows attackers to create requests and/or have administrators apply pending requests...

CVE-2021-21676

Jenkins requests-plugin Plugin 2.2.7 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to send test emails to an attacker-specified email address...

CVE-2021-21676

Jenkins requests-plugin vulnerability CVE-2021-21676 affects the requests-plugin on Jenkins versions 2.2.7 and earlier. The issue is a missing permission check in an HTTP endpoint, which allows attackers with Overall/Read permission to trigger sending test emails to an attacker-specified address....

CVE-2021-21675

A cross-site request forgery CSRF vulnerability in Jenkins requests-plugin Plugin 2.2.12 and earlier allows attackers to create requests and/or have administrators apply pending requests...

CVE-2021-21675

Summary: CVE-2021-21675 is a CSRF vulnerability in Jenkins’ requests-plugin that affects versions 2.2.12 and earlier. The flaw arises because certain HTTP endpoints did not require POST, allowing attackers to craft requests or cause administrators to apply pending requests (e.g., renaming or dele...

CVE-2021-21674

A missing permission check in Jenkins requests-plugin Plugin 2.2.6 and earlier allows attackers with Overall/Read permission to view the list of pending requests...

CVE-2021-21674

CVE-2021-21674 affects Jenkins with the requests-plugin (versions 2.2.6 and earlier). The root cause is a missing permission check on an HTTP endpoint, allowing attackers with Overall/Read permission to view the list of pending requests. The issue is mitigated by updating to version 2.2.7 or late...

Jenkins 安全漏洞

Jenkins is a Jenkins open source application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying and automating any project. Jenkins requests-plugin A security vulnerability exists in Jenkins requests-plugin 2.2.7 and earlier versions that does n...

Jenkins 安全漏洞

Jenkins is a Jenkins open source application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying and automating any project. A security vulnerability exists in Jenkins requests-plugin, which stems from missing privilege checks in Jenkins requests...

Jenkins 跨站请求伪造漏洞

Jenkins is a Jenkins open source application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying and automating any project. A cross-site request forgery vulnerability exists in Jenkins requests- Plugin 2.2.12 and earlier versions, which can be...

PT-2021-14718 · Jenkins · Jenkins Requests-Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins requests-plugin Plugin versions 2.2.12 and earlier Description: A cross-site request forgery CSRF vulnerability allows attackers to create requests and/or have administrators apply pending requests, such as renaming or deleting jobs,...

PT-2021-14719 · Jenkins · Jenkins +1

Name of the Vulnerable Software and Affected Versions: Jenkins requests-plugin Plugin versions 2.2.7 and earlier Description: The issue is related to a missing permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to send test emails to an attacker-specified email...

PT-2021-14717 · Jenkins · Jenkins Requests-Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins requests-plugin Plugin versions 2.2.6 and earlier Description: A missing permission check in the Jenkins requests-plugin Plugin allows attackers with Overall/Read permission to view the list of pending requests. This issue is related ...