Team Foundation Server Security Vulnerabilities and Issues — Team Foundation Server CVE List

Lucene search

JenkinsTeam Foundation Server

3 matches found

CVE•added 2021/03/30 12:16 p.m.•80 views

CVE-2021-21638

A cross-site request forgery (CSRF) vulnerability in Jenkins Team Foundation Server Plugin 5.157.1 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.

8.8CVSS8.6AI score0.00074EPSS

CVE•added 2021/03/30 12:16 p.m.•72 views

CVE-2021-21637

A missing permission check in Jenkins Team Foundation Server Plugin 5.157.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.

6.5CVSS6.2AI score0.00048EPSS

CVE•added 2021/03/30 12:16 p.m.•68 views

CVE-2021-21636

A missing permission check in Jenkins Team Foundation Server Plugin 5.157.1 and earlier allows attackers with Overall/Read permission to enumerate credentials ID of credentials stored in Jenkins.

4.3CVSS4.3AI score0.00031EPSS